SAP Addresses Critical Vulnerabilities in NetWeaver Application Servers with Urgent Security Patches

SAP has released critical security patches addressing multiple severe vulnerabilities in its NetWeaver Application Servers, potentially exposing organizations to significant cybersecurity risks. The vulnerabilities, rated with critical and high severity scores, could enable attackers to escalate privileges, access restricted information, and compromise system integrity.

The security bulletin highlights four primary vulnerabilities that demand immediate attention from SAP customers. Two critical vulnerabilities, identified as CVE-2025-0070 and CVE-2025-0066, specifically target SAP NetWeaver Application Server for ABAP and ABAP Platform, presenting serious authentication bypass and information disclosure risks.

CVE-2025-0070, scoring a critical 9.9, involves improper authentication checks that could allow authenticated attackers to escalate privileges. This vulnerability significantly impacts the system's confidentiality, integrity, and availability. Similarly, CVE-2025-0066 enables potential information disclosure through weak access controls in the Internet Communication Framework.

Complementing these critical vulnerabilities are two high-severity issues. CVE-2025-0063, with an 8.8 severity score, represents a SQL injection vulnerability in NetWeaver AS ABAP and ABAP Platform. This flaw could permit attackers with basic privileges to compromise Informix databases, potentially resulting in complete loss of system confidentiality and integrity.

The fourth vulnerability, CVE-2025-0061, affects SAP BusinessObjects Business Intelligence Platform. With a high severity score of 8.7, it enables unauthenticated attackers to perform session hijacking, potentially accessing and modifying application data.

These vulnerabilities pose significant risks across various industries, including manufacturing, finance, retail, healthcare, and government. NetWeaver, a core platform for running ABAP applications and enabling secure internet communication, is critically used by IT administrators, developers, and enterprise consultants managing complex ERP systems.

SAP strongly recommends that customers promptly apply the latest security patches to protect their technological infrastructure. Historically, unpatched SAP products have been attractive targets for cybercriminals seeking to exploit configuration weaknesses or unaddressed vulnerabilities.

The vendor's urgent security update underscores the continuous challenge of maintaining robust cybersecurity in complex enterprise environments. Organizations utilizing SAP technologies must prioritize patch management and maintain vigilant security practices to mitigate potential breach risks.

Enterprise IT teams are advised to immediately review their SAP landscapes, verify current patch levels, and implement these critical security updates. Delaying patch implementation could expose organizations to potentially devastating cyber intrusions that compromise sensitive business data and operational capabilities.

Found this article interesting? Keep visit thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive tips like this. 

You may also like these articles: Here are the 5 most contextually relevant blog posts: