SAP's August 2025 Patch Tuesday: A Critical Security Update
In a move to strengthen the security of its customers' systems, SAP has released its August 2025 Patch Tuesday update, addressing 26 critical vulnerabilities in its software. Among these, four have been classified as 'hot news' or 'critical', posing significant risks to the security and integrity of SAP S/4HANA systems.
A Critical Vulnerability in SAP S/4HANA
One of the most severe vulnerabilities addressed by SAP is CVE-2025-42957, a Code Injection vulnerability in SAP S/4HANA's RFC-exposed function module. This flaw allows attackers with user privileges to inject ABAP code, bypassing checks and potentially compromising the entire system.
The impact of this vulnerability cannot be overstated. According to the Common Vulnerabilities and Exposures (CVE) scoring system, this issue has a CVSS score of 9.9, indicating its high severity and potential for widespread disruption.
A Code Injection Vulnerability in SAP Landscape Transformation
Another critical vulnerability addressed by SAP is CVE-2025-42950, a Code Injection vulnerability in SAP Landscape Transformation's RFC-exposed function module. This flaw allows privileged users to inject ABAP code, bypassing checks and potentially fully compromising the system.
A Flaw in SAP S/4HANA's Function Module
Additionally, CVE-2025-27429 is a Code Injection vulnerability in SAP S/4HANA's RFC-exposed function module. This flaw allows privileged users to inject ABAP code, bypassing checks and potentially taking full control of the system.
A Broken Authorization Flaw in SAP Business One
Another critical issue addressed by SAP is CVE-2025-42951, a Broken Authorization flaw in SAP Business One (SLD). This vulnerability allows authenticated attackers to use an API to gain DB admin rights, severely impacting confidentiality, integrity, and availability.
A Call to Action
As with any major security update, it is essential for SAP customers to prioritize patching and updating their systems as soon as possible. The timely deployment of these patches can significantly reduce the risk of a successful attack and minimize potential downtime.
To stay informed about emerging threats and vulnerabilities, follow reputable sources such as @securityaffairs on Twitter, Facebook, and Mastodon for the latest security news and updates.