SAP New Critical Vulnerabilities Updates - 202509004¶
Overview¶
SAP has addressed multiple critically rated vulnerabilities in their monthly Security Patch Notes affecting multiple products.
What is vulnerable?¶
| Product(s) Affected | CVE | CVSS | Severity |
|---|---|---|---|
| SAP Supplier Relationship Management (Live Auction Cockpit) | CVE-2025-30012 | 10 | Critical |
| SAP S/4HANA and SAP SCM (Characteristic Propagation) | CVE-2025-42967 | 9.9 | Critical |
| SAP NetWeaver | CVE-2025-42980 CVE-2025-42963 CVE-2025-42964 CVE-2025-42966 |
9.1 9.1 9.1 9.1 |
Critical |
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected products within the expected timeframes (refer Patch Management):