[Vulnerability Alert] SAP Releases Critical Security Patch for NetWeaver ABAP Application Server (CVE-2025-42989)

Publish date: 2025-06-19; update date: 2025-06-19

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2025061209060707
Publication Time: 2025/06/12 09:30
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/06/12 09:30
Impact Level: Low
[Subject]
[Vulnerability Alert] SAP Releases Critical Security Patch for NetWeaver ABAP Application Server (CVE-2025-42989)
[Content]
Forwarded from TWCERTCC-200-202506-00000007 

SAP has issued a critical security advisory for its NetWeaver ABAP Application Server addressing a vulnerability (CVE-2025-42989, CVSS: 9.6). This flaw lies within the SAP Remote Function Call (RFC) process, where an authenticated attacker may bypass verification checks, leading to privilege escalation. If successfully exploited, the vulnerability could significantly impact the application’s integrity and availability.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
KERNEL versions: 7.89, 7.93, 9.14, 9.15
[Recommended Actions]
Please visit SAP's official website and apply the necessary patch:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
[Reference]
https://www.twcert.org.tw/tw/cp-169-10175-8908d-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center