Source: Ministry of Education Information & Communication Security Contingency Platform
Publication Number | TACERT-ANA-2025081409081010 | Publication Time | 2025/08/14 09:53 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/08/14 09:53 |
Impact Level | Low | ||
[Subject] 【Vulnerability Alert】 SAP released critical security advisories for multiple products |
|||
[Content] Forwarded from TWCERTCC-200-202508-00000009
【CVE-2025-42957, CVSS: 9.9】 This vulnerability exists in SAP S/4HANA and SAP SCM Characteristic Propagation. It allows attackers with user privileges to exploit vulnerabilities in RFC-exposed function modules, inject arbitrary ABAP code into the system, and bypass required authorization checks.
【CVE-2025-42950, CVSS: 9.9】 This vulnerability exists in SAP Landscape Transformation (SLT). It allows attackers with user privileges to exploit vulnerabilities in RFC-exposed function modules, inject arbitrary ABAP code into the system, and bypass required authorization checks.
【CVE-2025-42951, CVSS: 8.8】 SAP Business One (SLD) contains an authorization vulnerability that allows authenticated attackers to call the corresponding API and gain administrator privileges on the database.
Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform]
● SAP S/4HANA (Private Cloud or On-Premise) S4CORE versions 102, 103, 104, 105, 106, 107, 108
● SAP Landscape Transformation (Analysis Platform) DMIS versions 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
● SAP Business One (SLD) versions B1_ON_HANA 10.0, SAP-M-BO 10.0 |
|||
[Recommended Actions] Apply patches according to the solutions released on the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html |
|||
[Reference] https://www.twcert.org.tw/tw/cp-169-10324-fd8bf-1.html |