SAP Security Patch Day: 15 Vulnerabilities Resolved, Including 3 Critical Injection Flaws
On August 12th, 2025, SAP released a comprehensive security update addressing 15 new vulnerabilities across its enterprise software portfolio, including three critical code injection flaws that pose significant risks to organisations worldwide. The monthly Security Patch Day also included four updates to previously released security notes, underscoring SAP’s ongoing commitment to mitigating emerging threats in its enterprise applications. Among the vulnerabilities, three code injection flaws in SAP S/4HANA and the SAP Landscape Transformation platform allow for remote code execution. The low attack complexity, combined with the minimal privileges required for exploitation, makes these flaws particularly dangerous for system compromise.
The three critical vulnerabilities identified in this patch cycle represent some of the most severe security risks ever documented in SAP systems. CVE-2025-42957 affects SAP S/4HANA Private Cloud and On-Premise installations across versions S4CORE 102 through 108, enabling authenticated attackers to execute arbitrary code with elevated privileges. Similarly, CVE-2025-42950 targets the SAP Landscape Transformation Analysis Platform, affecting multiple DMIS versions from 2011_1_700 to 2020. The third critical flaw, CVE-2025-27429, is an updated security note originally released in April 2025, indicating that additional attack vectors or incomplete remediation may have been discovered since the initial patch. These injection vulnerabilities exploit inadequate input validation mechanisms within SAP’s ABAP runtime environment, allowing malicious actors to inject and execute unauthorised code through network-accessible interfaces.