
SAP has released its latest round of security patches, addressing 19 new vulnerabilities and updating 2 previous Security Notes. The fixes in this Patch Day include a high-risk authorization flaw in the SAP BusinessObjects Business Intelligence platform.
The most severe vulnerability addressed (CVE-2025-0064, CVSS 8.7) allows an attacker with admin rights to impersonate any user within the SAP BusinessObjects Business Intelligence platform. This could lead to a complete compromise of sensitive data and system functionality. SAP has urged customers to prioritize patching this vulnerability to protect their systems from potential attacks.
Other high-severity vulnerabilities addressed in this Patch Day include:
- Path Traversal Vulnerability in SAP Supplier Relationship Management (CVE-2025-25243, CVSS 8.6): This vulnerability allows an unauthenticated attacker to download arbitrary files, potentially exposing sensitive information.
- Authentication Bypass in SAP Approuter (CVE-2025-24876, CVSS 8.1): Attackers could exploit this vulnerability to steal user sessions and gain unauthorized access to applications.
- Multiple Vulnerabilities in SAP Enterprise Project Connection (CVE-2024-38819, CVE-2024-38820, CVE-2024-38828): These vulnerabilities could allow attackers to gain unauthorized access to project data and disrupt business operations.
In addition to the new vulnerabilities, SAP has also updated two previously released Security Notes. These updates address additional issues and provide further protection against potential attacks.
SAP customers are strongly advised to review the latest Security Notes and apply the necessary patches as soon as possible. Organizations should prioritize patching the critical vulnerabilities to mitigate the risk of exploitation. SAP also recommends that customers subscribe to its Security Notification Service to receive timely alerts about new vulnerabilities and patches.