Warning: Critical Missing Authorization vulnerability in SAP NetWeaver Application Server for ABAP, Patch Immediately!

Published : 11/06/2025
  • Last update: 11/06/2025
  • Affected software: SAP NetWeaver Application Server for ABAP (KERNEL 7.89, 7.93, 9.14, 9.15)
  • Type:
    → Missing Authorization
  • CVE/CVSS:
    → CVE-2025-42989: CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)

Sources

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html

Risks

SAP NetWeaver Application Server for ABAP is the core application server in many SAP systems. It provides the runtime environment (where the code runs) for ABAP-based applications (like ERP, CRM, etc.) and services. CVE-2025-42989 is a critical vulnerability in SAP NetWeaver Application Server for ABAP that allows an authenticated user to bypass authorization checks, enabling them to execute high-privilege ABAP functions, escalate their privileges and potentially compromise the integrity and availability of the application.

Description

CVE-2025-42989 is a critical vulnerability that allows authenticated attackers to bypass the standard authorization check on the S_RFC authorization object when using transactional RFC (tRFC) or queued RFC (qRFC) calls (RFC, Remote Function Call, is SAP's mechanism for communication between systems), leading to privilege escalation. CVE-2025-42989 critically impacts the application's integrity and availability.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable systems with the highest priority after thorough testing. SAP has released software updates (see the June 2025 SAP Security Notes linked under Sources) that address this vulnerability. There are no workarounds available.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://onapsis.com/blog/sap-security-notes-june-2025-patch-day