SAP’s November 2025 Security Patch Day has introduced significant updates targeting critical vulnerabilities, including CVE-2025-42890 and CVE-2025-42944, both rated CVSS 10.0. These vulnerabilities allow unauthenticated attacks that could lead to complete system takeover and remote code execution through insecure practices. This highlights the urgent need for enterprises to apply these patches to secure their SAP environments against potential exploits.
In addition to the critical vulnerabilities, other high-impact issues have been patched, such as CVE-2025-42887, which enables code injection for authenticated users with low privileges, posing risks to core business functions. The updates also tackle medium-severity vulnerabilities, such as various injection issues that threaten the integrity of systems, emphasizing the importance of timely patch management to mitigate risks from advanced threats exploiting these vulnerabilities. Organizations are advised to perform vulnerability scans, segment networks, and test patches thoroughly before deploying them in production.
👉 Pročitaj original: Cyber Security News
