Critical SAP NetWeaver Flaws Let Hackers Gain System Access

SAP has released its January 2025 Security Patch Day updates, addressing 14 new vulnerabilities, including two critical flaws in SAP NetWeaver that could allow attackers to gain unauthorized access to affected systems.

The most severe vulnerability, CVE-2025-0070, is an improper authentication issue in SAP NetWeaver ABAP Server and ABAP Platform.

With a CVSS score of 9.9, this flaw affects multiple versions of the KRNL64NUC, KRNL64UC, and KERNEL components.

Successful exploitation could lead to a complete compromise of system confidentiality, integrity, and availability.

The second critical vulnerability, CVE-2025-0066, is an information disclosure flaw in SAP NetWeaver AS for ABAP and ABAP Platform’s Internet Communication Framework.

Also carrying a CVSS score of 9.9, this vulnerability impacts numerous versions of the SAP_BASIS component.

Among the high-severity issues, SAP patched an SQL injection vulnerability (CVE-2025-0063) in NetWeaver AS for ABAP and ABAP Platform, with a CVSS score of 8.8.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Other Flaws

Additionally, multiple vulnerabilities (CVE-2025-0061 and CVE-2025-0060) were addressed in SAP BusinessObjects Business Intelligence Platform, scoring 8.7 on the CVSS scale.

SAP also fixed a DLL hijacking vulnerability (CVE-2025-0069) in SAPSetup, which received a CVSS score of 7.8. This flaw could potentially allow attackers with local access to escalate privileges.

The remaining vulnerabilities, rated as medium and low severity, affect various SAP components including SAP GUI for Windows and Java, SAP NetWeaver Application Server Java, and SAP Business Workflow.

Security experts emphasize the critical nature of these patches, particularly for internet-facing SAP systems. Organizations are strongly advised to apply the updates immediately to mitigate potential exploitation risks.

As SAP systems often form the backbone of critical business operations, timely application of security updates is crucial.

SAP customers are urged to review the full list of security notes and implement the necessary patches as soon as possible to protect their SAP landscapes from potential attacks.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!