![[The AI Show Episode 143]: ChatGPT Revenue Surge, New AGI Timelines, Amazon’s AI Agent, Claude for Education, Model Context Protocol & LLMs Pass the Turing Test](https://www.marketingaiinstitute.com/hubfs/ep%20143%20cover.png)
![[DEALS] Microsoft Visual Studio Professional 2022 + The Premium Learn to Code Certification Bundle (97% off) & Other Deals Up To 98% Off](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![From Accountant to Data Engineer with Alyson La [Podcast #168]](https://cdn.hashnode.com/res/hashnode/image/upload/v1744420903260/fae4b593-d653-41eb-b70b-031591aa2f35.png?#)
.png?#)
![What Google Messages features are rolling out [April 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/12/google-messages-name-cover.png?resize=1200%2C628&quality=82&strip=all&ssl=1)
![iPadOS 19 Will Be More Like macOS [Gurman]](https://www.iclarified.com/images/news/97001/97001/97001-640.jpg)
![Apple TV+ Summer Preview 2025 [Video]](https://www.iclarified.com/images/news/96999/96999/96999-640.jpg)
![Apple Watch SE 2 On Sale for Just $169.97 [Deal]](https://www.iclarified.com/images/news/96996/96996/96996-640.jpg)
SAP April 2025 Security Update : Critical Code Injection Vulnerabilities Patched
SAP announced its latest Security Patch Day, unveiling 18 new Security Notes alongside updates to two previously released advisories. This comprehensive update focuses on addressing multiple vulnerabilities in SAP’s extensive product portfolio, with a particular spotlight on critical code injection flaws that posed significant risks to enterprise environments. One of the most severe vulnerabilities patched […] The post SAP April 2025 Security Update : Critical Code Injection Vulnerabilities Patched appeared first on Cyber Security News.
SAP announced its latest Security Patch Day, unveiling 18 new Security Notes alongside updates to two previously released advisories.
This comprehensive update focuses on addressing multiple vulnerabilities in SAP’s extensive product portfolio, with a particular spotlight on critical code injection flaws that posed significant risks to enterprise environments.
One of the most severe vulnerabilities patched is labeled as [CVE-2025-27429]. This code injection vulnerability affects SAP S/4HANA (Private Cloud), specifically targeting versions S4CORE 102 through 108.
With a CVSS score of 9.9, the flaw allowed potential attackers to inject malicious code, compromising data integrity and system security.
A similarly critical issue identified as [CVE-2025-31330], which affects SAP Landscape Transformation (Analysis Platform). It affects versions DMIS 2011_1_700 to 2011_1_731 and also has a CVSS score of 9.9.
This flaw could enable unauthorized code execution, leading to severe operational disruptions. Both vulnerabilities have been classified as ‘Critical’ due to the ease of exploitation and the significant damage they could inflict.
Application Security is no longer just a defensive play, Time to Secure -> Free Webinar
Another critical issue is an authentication bypass vulnerability in SAP Financial Consolidation tracked as [CVE-2025-30016].
With a CVSS score of 9.8, this flaw could allow attackers to bypass authentication mechanisms and gain unauthorized access to sensitive systems.
Updates to Existing Security Notes
An update to a previously released note addressing improper authorization in the SAP BusinessObjects Business Intelligence platform, [CVE-2025-0064] with a CVSS 8.8.
Also, Mixed Dynamic RFC Destination Vulnerability [CVE-2025-23186] in SAP NetWeaver Application Server ABAP. This issue impacts multiple kernel versions, including KRNL64NUC and KRNL64UC (7.22, 7.53, and others), with a CVSS score of 8.5.
A Time-of-check Time-of-use race condition vulnerability in Apache Tomcat within SAP Commerce Cloud [CVE-2024-56337], CVSS 8.1, has been patched.
It affects versions HY_COM 2205 and COM_CLOUD 2211, with a CVSS score of 8.1.
The update also addresses two directory traversal vulnerabilities: one in SAP Capital Yield Tax Management [CVE-2025-30014] and another in SAP NetWeaver and ABAP Platform’s Service Data Collection component [CVE-2025-27428], both with CVSS scores of 7.7.
Technical Mitigation Strategies
To mitigate code injection vulnerabilities, developers are advised to implement rigorous input validation and sanitization processes. Below is an example ABAP code snippet:
This demonstrates proper handling of user inputs to prevent malicious code execution.
SAP strongly recommends customers visit the Support Portal to review the detailed Security Notes and apply patches immediately.
Timely patching is crucial to prevent exploitation of these vulnerabilities, which could lead to data breaches or unauthorized system control.
The April 2025 Security Update underscores SAP’s commitment to safeguarding enterprise landscapes from evolving cyber threats.
By addressing critical vulnerabilities like code injection and authentication bypass issues, SAP ensures the resilience of its products while urging customers to act swiftly in applying these patches for maximum protection.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try 50 Request for Free
The post SAP April 2025 Security Update : Critical Code Injection Vulnerabilities Patched appeared first on Cyber Security News.
