Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

SAP Addresses Critical Vulnerabilities in NetWeaver Application Servers



SAP has addressed critical vulnerabilities in its NetWeaver application server, including four high-severity flaws that could allow attackers to exploit improper authentication checks, access restricted information, and compromise databases. Organizations using this platform are strongly advised to apply the latest patches available to protect their systems from these risks.

  • SAP has released patches for critical vulnerabilities in its NetWeaver application server.
  • The vulnerabilities have a severity rating of 9.9 and pose significant risks to the security and integrity of SAP systems.
  • CVE-2025-0070, CVE-2025-0066, CVE-2025-0063, and CVE-2025-0061 are four critical vulnerabilities identified in NetWeaver.
  • The vulnerabilities allow authenticated attackers to exploit privilege escalation, access restricted information, and compromise confidentiality, integrity, and availability.
  • SAP strongly recommends that customers apply the latest patches to protect their SAP environment from these vulnerabilities.



    • SAP has recently taken steps to address critical vulnerabilities in its NetWeaver application server, a core platform for running ABAP applications and enabling secure communication via the Internet Communication Framework. The company's efforts come as part of its January Security Patch Day, during which it released updates for other products to patch 12 additional issues rated with medium and high severity.

    The security vulnerabilities identified in NetWeaver were deemed critical in nature, with a severity rating of 9.9 for each. These vulnerabilities, designated by CVE-2025-0070, CVE-2025-0066, CVE-2025-0063, and CVE-2025-0061 respectively, pose significant risks to the security and integrity of SAP systems.

    CVE-2025-0070 is categorized as a critical severity vulnerability, with an 9.9 score assigned to it by the Common Vulnerability Scoring System (CVSS). This vulnerability allows authenticated attackers to exploit improper authentication checks in SAP NetWeaver Application Server for ABAP and ABAP Platform, resulting in privilege escalation and compromising confidentiality, integrity, and availability.

    Similarly, CVE-2025-0066 is also a critical severity vulnerability with the same 9.9 score assigned to it by the CVSS. This vulnerability arises due to weak access controls in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework), enabling attackers to access restricted information and significantly compromising confidentiality, integrity, and availability.

    CVE-2025-0063 is another critical severity vulnerability with a score of 8.8. This vulnerability is related to SQL injection in SAP NetWeaver AS ABAP and ABAP Platform, resulting from a lack of authorization checks for certain RFC function modules. This allows attackers with basic privileges to compromise an Informix database, leading to a complete loss of confidentiality, integrity, and availability.

    Lastly, CVE-2025-0061 is categorized as a high severity vulnerability with a score of 8.7. This vulnerability affects the SAP BusinessObjects Business Intelligence Platform, allowing unauthenticated attackers to perform session hijacking over the network due to an information disclosure issue. This enables the attacker to access and modify all application data.

    The impact of these vulnerabilities cannot be overstated, as they pose significant risks to the security and integrity of SAP systems. These systems are used by large enterprises across various industries, including manufacturing, finance, retail, healthcare, and government, for managing business operations and customer relations.

    SAP has strongly recommended that its customers apply the latest patches available to protect their SAP environment from these vulnerabilities. The company's Security Advisory provides detailed information on each vulnerability, as well as instructions on how to apply the necessary patches to mitigate these risks.

    In light of these critical vulnerabilities in NetWeaver application servers, it is essential for organizations using this platform to prioritize patching and updating their systems with the latest security fixes. Failure to do so may result in significant security breaches, compromising sensitive information and disrupting business operations.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/sap-fixes-critical-vulnerabilities-in-netweaver-application-servers/

  • https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html

  • https://nvd.nist.gov/vuln/detail/CVE-2025-0070

  • https://www.cvedetails.com/cve/CVE-2025-0070/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-0066

  • https://www.cvedetails.com/cve/CVE-2025-0066/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-0063

  • https://www.cvedetails.com/cve/CVE-2025-0063/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-0061

  • https://www.cvedetails.com/cve/CVE-2025-0061/


    • Published: Wed Jan 15 17:12:10 2025 by llama3.2 3B Q4_K_M


         


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us