SAP has published a series of security patches addressing an undisclosed number of security vulnerabilities affecting its applications. The final updates came out on Tuesday. Most notably, they fix critical vulnerabilities in SAP NetWeaver and patch a high-severity flaw in SAP S/4HANA. These vulnerabilities are serious: the CVEs allow arbitrary code execution and arbitrary file uploads.
As part of its ongoing commitment to cybersecurity, SAP regularly improves and updates its systems. These updates are a direct response to the growing threats that enterprise software applications face. The severity of the vulnerabilities discovered required the highest level of focus, and SAP moved quickly to deliver the fixes to its customers.
Critical Vulnerabilities in SAP NetWeaver
SAP also fixed three critical vulnerabilities in SAP NetWeaver, the central development and integration platform for SAP applications. These vulnerabilities would enable attackers to run OS commands with complete control of the system by sending specially crafted payloads to open UDP ports. This type of access can lead to dangerous outcomes, including full system takeover.
“allows an unauthenticated attacker to execute arbitrary OS commands by submitting a malicious payload to an open port” – Onapsis
SAP’s release was accompanied by detailed guidance for users, outlining ways they can reduce the risks posed by these vulnerabilities. In the meantime, customers should install security patches without delay in order to secure their networks.
High-Severity Defect in SAP S/4HANA
Besides the NetWeaver vulnerabilities, SAP fixed a critical security flaw in SAP S/4HANA, tracked as CVE-2025-42957. The vulnerability was assigned a CVSS score of 9.9, reflecting its critical severity. According to PCMag, the flaw is currently being exploited in the wild, which makes it all the more urgent for organizations to apply the updates as soon as possible.
SAP recommends that customers enable P4 port filtering. This filtering should be applied at the Internet Communication Manager (ICM) level as part of the remediation process. The stopgap measure matters because it prevents arbitrary hosts from connecting to the P4 port and therefore from reaching the vulnerable component.
“A successful exploit can lead to full compromise of the application. As a temporary workaround, customers should add P4 port filtering at the ICM level to prevent unknown hosts from connecting to the P4 port.” – Onapsis
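The workaround above is an allowlist on who may reach the P4 port. As an added illustration, not code from the article, SAP, or Onapsis, the following Python script models that decision so an administrator can review which source hosts would still be permitted or denied before turning filtering on. The allowlist format, the port number and the connection attempts are all constructed for the example and are not SAP's own ACL syntax.

```python
"""Added example (not from the article, SAP or Onapsis): simulate ICM-level
P4 port filtering as an allowlist decision.

Assumptions (hypothetical, not SAP's ACL file syntax): an allowlist of CIDR
ranges that may reach the protected port, and connection attempts given as
(source_ip, destination_port) pairs.
"""
import ipaddress

# Constructed P4 port. SAP instances derive it from the instance number
# (5NN04), so 50004 corresponds to instance 00; adjust for your system.
P4_PORT = 50004

# Constructed allowlist: only these networks may reach the P4 port.
P4_ALLOWLIST = [
    ipaddress.ip_network("10.20.0.0/16"),  # application server segment
    ipaddress.ip_network("10.30.1.0/24"),  # administrative jump hosts
]


def is_permitted(src_ip, dst_port, allowlist=P4_ALLOWLIST, protected_port=P4_PORT):
    """Return True if the attempt would pass the filter.

    Only the protected port is restricted; other ports are left to their
    own existing controls and pass through this check unchanged.
    """
    if dst_port != protected_port:
        return True
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in allowlist)


def review_attempts(attempts):
    """Classify each (src_ip, dst_port) pair as 'permit' or 'deny'."""
    return [
        (ip, port, "permit" if is_permitted(ip, port) else "deny")
        for ip, port in attempts
    ]


def denied_sources(attempts):
    """Unique source IPs the filter would block.

    Running this over a recent connection history before enabling the
    filter shows whether any legitimate client is missing from the list.
    """
    return sorted({ip for ip, _, verdict in review_attempts(attempts) if verdict == "deny"})


# Constructed sample attempts (not real log data).
SAMPLE_ATTEMPTS = [
    ("10.20.5.7", 50004),     # app server: allowed
    ("10.30.1.12", 50004),    # jump host: allowed
    ("203.0.113.45", 50004),  # external host: blocked from P4
    ("203.0.113.45", 50000),  # external host, non-P4 port: not in scope
    ("192.168.77.3", 50004),  # internal but unlisted: blocked from P4
]

if __name__ == "__main__":
    for ip, port, verdict in review_attempts(SAMPLE_ATTEMPTS):
        print(f"{ip:16} {port} {verdict}")
    print("would be blocked:", denied_sources(SAMPLE_ATTEMPTS))
```

The point of `denied_sources` is the review step: feed it the source addresses seen on the P4 port over a representative period, and anything it returns that is a legitimate client belongs in the allowlist before the filter goes live.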
Accessing the Security Updates
Organizations that rely on SAP software should visit SAP’s support portal for the latest security patches and updates. These updates are necessary to comply with security standards. Beyond just compliance, they mitigate risk by protecting sensitive data and maintaining operational integrity.
Onapsis, a cybersecurity firm that focuses on SAP vulnerabilities, recently flagged these updates in a blog post and emphasized that users need to act urgently to mitigate the associated risks. SAP is addressing these major issues directly, with the intent of improving the security of its software and protecting its customers from new threats.