SAP, a leading provider of enterprise resource planning (ERP) solutions, has released its latest security updates for its August Security Patch Day, also referred to as Patch Tuesday. The updates include fixes for several critical vulnerabilities that organizations using SAP products should address promptly.
SAP released a total of 15 new security notes, along with four updates to previous patches. Four of these are classified as critical vulnerabilities, which pose significant risks if left unpatched.
Among the most concerning are two newly identified flaws, CVE-2025-42950 and CVE-2025-42957, both related to code injection issues. According to Onapsis, a cybersecurity firm specializing in enterprise application security, these vulnerabilities can be exploited for arbitrary code execution—meaning an attacker could potentially take control of affected systems.
The first vulnerability, CVE-2025-42950, affects older SAP ERP systems, specifically the ERP Central Component (ECC).
The other critical vulnerability, tracked as CVE-2025-42957, affects the newer S/4HANA ERP platform.
Enterprise systems like SAP are prime targets for cybercriminals and nation-state actors because they often hold sensitive data and are critical to business operations. When vulnerabilities in these systems go unpatched, they can be exploited to gain unauthorized access, disrupt services, or even cause data breaches.
Visit SAP’s security advisory page for more information and update guidance.