Source: Ministry of Education Information & Communication Security Contingency Platform
| Publication Number | TACERT-ANA-2025101704104141 | Publication Time | 2025/10/17 16:50 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/10/17 16:50 |
| Impact Level | Low | | |
| [Subject] 【Vulnerability Alert】SAP has released a security update to address a critical vulnerability (CVE-2025-42910) in its Supplier Relationship Management (SRM) system. |
| [Content] Forwarded from TWCERTCC-200-202510-00000007. SAP Supplier Relationship Management (SRM) is a system used by enterprises to manage and optimize collaboration with suppliers. In SAP’s recent monthly security update, a critical vulnerability (CVE-2025-42910, CVSS: 9.0) was disclosed. This vulnerability is caused by insufficient validation of document type or content, allowing authenticated attackers to upload arbitrary files. If successfully exploited, this could severely compromise the confidentiality, integrity, and availability of the affected application. Information Sharing Level: WHITE (information content can be publicly disclosed). |
| [Affected Platform] This vulnerability affects SRMNXP01 versions 100 and 150. |
| [Recommended Actions] Please visit the official website to apply the security update: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html |
| [Reference] https://www.twcert.org.tw/tw/cp-169-10445-15b02-1.html |