【Vulnerability Alert】SAP has released a security update to address a critical vulnerability (CVE-2025-42910) in its Supplier Relationship Management (SRM) system.
Publish date: 2025-10-23
Update date: 2025-10-23
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025101704104141 | Publication Time | 2025/10/17 16:50 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/10/17 16:50 |
| Impact Level | Low | | |

[Subject] 【Vulnerability Alert】SAP has released a security update to address a critical vulnerability (CVE-2025-42910) in its Supplier Relationship Management (SRM) system.

[Content] Forwarded from TWCERTCC-200-202510-00000007

SAP Supplier Relationship Management (SRM) is a system used by enterprises to manage and optimize collaboration with suppliers. In SAP's recent monthly security update, a critical vulnerability (CVE-2025-42910, CVSS: 9.0) was disclosed. This vulnerability is caused by insufficient validation of document type or content, allowing authenticated attackers to upload arbitrary files. If successfully exploited, this could severely compromise the confidentiality, integrity, and availability of the affected application.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform] This vulnerability affects SRMNXP01 versions 100 and 150.

[Recommended Actions] Please visit the official website to apply the security update: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html

[Reference] https://www.twcert.org.tw/tw/cp-169-10445-15b02-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center





