What is the most critical vulnerability in SAP's July 2025 update?

CVE-2025-30012 with a perfect CVSS score of 10.0 is the most critical vulnerability. It affects multiple components in SAP Supplier Relationship Management (Live Auction Cockpit) and allows unauthenticated attackers to run arbitrary OS commands on the target system as an SAP Administrator.

How many critical vulnerabilities are included in the SAP July 2025 security update?

The July 2025 update includes 6 critical vulnerabilities: CVE-2025-30012 (CVSS 10.0) in SAP Supplier Relationship Management, CVE-2025-42967 (CVSS 9.9) in SAP S/4HANA, and four insecure deserialization vulnerabilities in SAP NetWeaver components (CVE-2025-42980, CVE-2025-42964, CVE-2025-42966, CVE-2025-42963) all with CVSS scores of 9.1.

What makes CVE-2025-30012 so dangerous for SAP environments?

CVE-2025-30012 has a perfect CVSS score of 10.0 because it allows unauthenticated attackers to execute arbitrary operating system commands with SAP Administrator privileges. This means attackers can gain complete control over affected SAP Supplier Relationship Management systems without needing any credentials or prior access.

What is the pattern of vulnerabilities affecting SAP NetWeaver in July 2025?

A significant portion of the critical vulnerabilities involves insecure deserialization flaws across various SAP NetWeaver components. Four critical vulnerabilities (CVE-2025-42980, CVE-2025-42964, CVE-2025-42966, CVE-2025-42963) all with CVSS 9.1 scores affect different NetWeaver services including Enterprise Portal, XML Data Archiving Service, and Application Server for Java.

How do the insecure deserialization vulnerabilities in SAP NetWeaver work?

These vulnerabilities allow attackers with administrative privileges to execute malicious code by sending specially crafted serialized Java objects to vulnerable NetWeaver components. The system improperly deserializes these objects, leading to code execution and potential system compromise.

What is CVE-2025-42967 and why is it critical?

CVE-2025-42967 (CVSS score 9.9) is a Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation). With nearly a perfect CVSS score, this vulnerability represents a severe threat to SAP's flagship ERP system and supply chain management applications.

What high-severity vulnerabilities are addressed in the SAP July 2025 update?

High-severity vulnerabilities include missing authentication and authorization issues (CVE-2025-42959, CVE-2025-42953, CVE-2024-53677), privilege escalation vulnerabilities (CVE-2025-43001, CVE-2025-42992), directory traversal vulnerabilities (CVE-2025-42970), and memory corruption flaws (CVE-2025-42971).

Which SAP products are most affected by the July 2025 security updates?

The most affected products include SAP NetWeaver (multiple components), SAP Supplier Relationship Management, SAP S/4HANA, SAP SCM (Supply Chain Management), and SAP NetWeaver Enterprise Portal. These represent core components of SAP's enterprise software ecosystem.

What should SAP customers do immediately regarding these July 2025 security updates?

SAP strongly recommends that customers visit the Support Portal and prioritize patch implementation to protect their SAP applications. Given the critical nature of several vulnerabilities, especially CVE-2025-30012 with its perfect CVSS score, immediate patching should be prioritized for affected systems.

How should organizations prioritize the SAP July 2025 security patches?

Organizations should prioritize: 1) CVE-2025-30012 (CVSS 10.0) in SAP SRM immediately, 2) CVE-2025-42967 (CVSS 9.9) in S/4HANA systems, 3) The four NetWeaver insecure deserialization vulnerabilities (CVSS 9.1), 4) High-severity authentication and privilege escalation issues, 5) Medium-severity vulnerabilities based on system exposure and business criticality.

What makes this SAP July 2025 patch cycle particularly significant?

This patch cycle is particularly significant due to the presence of a perfect CVSS 10.0 vulnerability that allows unauthenticated remote code execution, multiple critical insecure deserialization flaws in core NetWeaver components, and vulnerabilities affecting SAP's flagship S/4HANA system. The breadth and severity of these vulnerabilities make this a high-priority update cycle.

Are there any authentication bypass vulnerabilities in the SAP July 2025 update?

Yes, several vulnerabilities involve missing authentication and authorization controls, including CVE-2025-42959, CVE-2025-42953, and CVE-2024-53677. These high-severity vulnerabilities could allow attackers to bypass security controls and gain unauthorized access to SAP systems.

What is the risk to SAP S/4HANA systems from the July 2025 updates?

SAP S/4HANA systems face significant risk from CVE-2025-42967, a code injection vulnerability with a CVSS score of 9.9. As SAP's flagship ERP system, S/4HANA is critical to many organizations' operations, making this vulnerability a high priority for immediate patching.

How do privilege escalation vulnerabilities affect SAP environments?

The privilege escalation vulnerabilities (CVE-2025-43001 and CVE-2025-42992) could allow attackers with limited access to gain higher-level privileges within SAP systems. This could lead to unauthorized access to sensitive business data, system configurations, and administrative functions.

What components of SAP NetWeaver are affected by insecure deserialization vulnerabilities?

The affected NetWeaver components include Enterprise Portal Federated Portal Network (CVE-2025-42980), Enterprise Portal Administration (CVE-2025-42964), XML Data Archiving Service (CVE-2025-42966), and Application Server for Java Log Viewer (CVE-2025-42963). All have CVSS scores of 9.1.

Are there any directory traversal vulnerabilities in the SAP July 2025 update?

Yes, CVE-2025-42970 is a directory traversal vulnerability included in the high-severity category. Directory traversal vulnerabilities can allow attackers to access files and directories outside of the intended application scope, potentially exposing sensitive system files and data.

What should SAP administrators monitor for after applying the July 2025 patches?

SAP administrators should monitor for: unusual system behavior after patching, failed authentication attempts that might indicate exploitation attempts, unexpected privilege escalations, abnormal network traffic to SAP systems, and any signs of code injection or deserialization attacks. Regular security audits and log monitoring are essential to detect potential exploitation of unpatched systems.

What is the overall security impact of the SAP July 2025 Security Patch Day?

The July 2025 SAP Security Patch Day represents a critical security update with 31 vulnerabilities including one perfect CVSS 10.0 vulnerability and multiple near-critical flaws. The concentration of vulnerabilities in core SAP components like NetWeaver, S/4HANA, and SRM makes this update essential for maintaining enterprise security posture. Organizations should treat this as an emergency patch cycle requiring immediate attention.

Advisory

SAP July 2025 patch day fixes 31 vulnerabilities, one maximum severity

published: July 8, 2025

Take action: If you use SAP products, review the advisory in detail. Prioritize SAP Supplier Relationship Management which has a critical unauthenticated remote code execution vulnerability (CVE-2025-30012), then SAP S/4HANA and SAP SCM as well as SAP NetWeaver sustems.

Learn More

SAP released its July 2025 Security Patch Day updates addressing 31 vulnerabilities across its enterprise software portfolio. The update includes 27 new Security Notes and 4 updates to previously released patches.

Critical Vulnerabilities:

CVE-2025-30012 (CVSS score 10.0) - Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit). The vulnerability allows unauthenticated attackers to run arbitrary OS commands on the target system as an SAP Administrator.
CVE-2025-42967 (CVSS score 9.9) - Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation)
CVE-2025-42980 (CVSS score 9.1) - Insecure Deserialization in SAP NetWeaver Enterprise Portal Federated Portal Network
CVE-2025-42964 (CVSS score 9.1) - Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration
CVE-2025-42966 (CVSS score 9.1) - Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)
CVE-2025-42963 (CVSS score 9.1) - Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer)

A significant portion of the critical vulnerabilities involves insecure deserialization flaws across various SAP NetWeaver components. These vulnerabilities allow attackers with administrative privileges to execute malicious code by sending specially crafted serialized Java objects, leading to system compromise.

High-severity vulnerabilities include missing authentication and authorization (CVE-2025-42959, CVE-2025-42953 and CVE-2024-53677); privilege escalation issues (CVE-2025-43001 and CVE-2025-42992), directory traversal vulnerabilities (CVE-2025-42970), and memory corruption flaws (CVE-2025-42971).

Medium-severity vulnerabilities predominantly affect cross-site scripting protections, authorization bypasses, and information disclosure across various SAP applications.

The company strongly recommends that customers visit the Support Portal and prioritize patch implementation to protect their SAP applications.

SAP July 2025 patch day fixes 31 vulnerabilities, one maximum severity

Read More
Veeam reports critical flaw in its Service Provider …
Anthropic Patches Critical Prompt Injection Flaws in Official …
SysAid zero-day flaw exploited by Cl0p hacker gang
Critical Citrix NetScaler Vulnerability CVE-2026-3055 Exploited in the …
Zero Day Initiative reports 13 vulnerabilities in Ivanti …