Sunday, May 4, 2025
Critical SAP NetWeaver Flaws Let Hackers Gain System Access

SAP has released its January 2025 Security Patch Day updates, addressing 14 new vulnerabilities, including two critical flaws in SAP NetWeaver that could allow attackers to gain unauthorized access to affected systems.

The most severe vulnerability, CVE-2025-0070, is an improper authentication issue in SAP NetWeaver ABAP Server and ABAP Platform.

With a CVSS score of 9.9, this flaw affects multiple versions of the KRNL64NUC, KRNL64UC, and KERNEL components.

Successful exploitation could lead to a complete compromise of system confidentiality, integrity, and availability.

The second critical vulnerability, CVE-2025-0066, is an information disclosure flaw in SAP NetWeaver AS for ABAP and ABAP Platform’s Internet Communication Framework.

Also carrying a CVSS score of 9.9, this vulnerability impacts numerous versions of the SAP_BASIS component.

Among the high-severity issues, SAP patched an SQL injection vulnerability (CVE-2025-0063) in NetWeaver AS for ABAP and ABAP Platform, with a CVSS score of 8.8.

Other Flaws

Additionally, multiple vulnerabilities (CVE-2025-0061 and CVE-2025-0060) were addressed in SAP BusinessObjects Business Intelligence Platform, scoring 8.7 on the CVSS scale.

SAP also fixed a DLL hijacking vulnerability (CVE-2025-0069) in SAPSetup, which received a CVSS score of 7.8. This flaw could potentially allow attackers with local access to escalate privileges.

The remaining vulnerabilities, rated as medium and low severity, affect various SAP components including SAP GUI for Windows and Java, SAP NetWeaver Application Server Java, and SAP Business Workflow.

Security experts emphasize the critical nature of these patches, particularly for internet-facing SAP systems. Organizations are strongly advised to apply the updates immediately to mitigate potential exploitation risks.

As SAP systems often form the backbone of critical business operations, timely application of security updates is crucial.

SAP customers are urged to review the full list of security notes and implement the necessary patches as soon as possible to protect their SAP landscapes from potential attacks.

Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
