On July 8, 2025, SAP released its latest Security Patch Day update, addressing a total of 27 new Security Notes and providing updates to three previously released patches. This comprehensive release includes seven vulnerabilities classified as critical, underscoring the importance of immediate action for organizations utilizing SAP’s enterprise software solutions.
Critical Vulnerabilities Overview
The most severe vulnerability in this release is identified as CVE-2025-30012, affecting the SAP Supplier Relationship Management (Live Auction Cockpit) component. This flaw has been assigned the maximum CVSS score of 10.0, indicating an extremely high risk of complete system compromise if exploited. The vulnerability impacts SRM_SERVER version 7.14 and is part of a broader security concern that includes related CVEs: CVE-2025-30009, CVE-2025-30010, CVE-2025-30011, and CVE-2025-30018. The interconnected nature of these vulnerabilities suggests multiple attack vectors within the Live Auction Cockpit, necessitating immediate patching to prevent potential exploitation.
In addition to CVE-2025-30012, six other critical vulnerabilities have been identified, each with a CVSS score of 9.1:
1. CVE-2025-42967: This code injection vulnerability affects SAP S/4HANA and SAP SCM (Characteristic Propagation) across multiple versions, including SCMAPO 713-714, S4CORE 102-104, and S4COREOP 105-108. Exploitation could allow unauthorized code execution, leading to potential data manipulation or system disruption.
2. CVE-2025-42980: An insecure deserialization issue in the Federated Portal Network component of SAP NetWeaver Enterprise Portal. This flaw could enable attackers to execute arbitrary code by exploiting the deserialization process.
3. CVE-2025-42964: Similar to CVE-2025-42980, this vulnerability exists in the Portal Administration component of SAP NetWeaver Enterprise Portal, posing risks of unauthorized code execution through insecure deserialization.
4. CVE-2025-42966: This insecure deserialization flaw affects the XML Data Archiving Service within SAP NetWeaver Enterprise Portal, potentially allowing attackers to execute malicious code remotely.
5. CVE-2025-42963: Located in the Log Viewer application for Java environments in SAP NetWeaver Enterprise Portal, this vulnerability could be exploited to execute arbitrary code via insecure deserialization.
6. CVE-2025-42965: Another insecure deserialization issue, this time in the Knowledge Management component of SAP NetWeaver Enterprise Portal, which could lead to unauthorized code execution.
High and Medium Severity Vulnerabilities
Beyond the critical vulnerabilities, SAP’s July 2025 patch release also addresses several high and medium severity flaws:
– CVE-2025-42959: A high-priority vulnerability scoring 8.1 on the CVSS scale, this issue involves missing authentication checks in SAP NetWeaver ABAP Server and ABAP Platform across multiple SAP_BASIS versions ranging from 700 to 915. Exploitation could allow unauthorized access to sensitive system functions.
– CVE-2025-42969: A medium-priority Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP, which could enable attackers to inject malicious scripts into web pages viewed by other users.
– CVE-2025-42962: Another XSS vulnerability, this time in SAP Business Warehouse, posing similar risks of malicious script injection.
– CVE-2025-42970: A directory traversal vulnerability affecting SAPCAR, a utility used for SAP package management. This flaw could allow attackers to access arbitrary files on the system.
– CVE-2025-43001: A privilege escalation issue that could enable users to gain higher-level permissions than intended, potentially leading to unauthorized actions within the system.
Recommendations for SAP Administrators
Given the severity and breadth of the vulnerabilities addressed in this patch release, SAP administrators are strongly advised to take the following actions:
1. Immediate Patch Deployment: Prioritize the application of patches for critical vulnerabilities, especially CVE-2025-30012, to mitigate the risk of system compromise.
2. Review and Update Security Configurations: Assess current security settings and configurations to ensure they align with SAP’s recommended best practices, reducing the likelihood of exploitation.
3. Monitor Systems for Unusual Activity: Implement continuous monitoring to detect any signs of unauthorized access or anomalous behavior that could indicate an attempted or successful exploitation of vulnerabilities.
4. Educate and Train Staff: Ensure that IT and security personnel are aware of the latest vulnerabilities and understand the importance of timely patching and adherence to security protocols.
By proactively addressing these vulnerabilities through prompt patching and vigilant system monitoring, organizations can significantly enhance the security posture of their SAP environments, safeguarding critical business operations against potential cyber threats.
