Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: SAP patched multiple vulnerabilities in their products, Patch Immediately!
Image
Published : 08/07/2025
* Last update: 08/07/2025
* Affected software:
→SAP Supplier Relationship Management
→SAP S/4HANA and SAP SCM
→SAP NetWeaver Enterprise Portal
→SAP NetWeaver XML Data Archiving
→SAP NetWeaver Application Server Java
→SAP NetWeaver ABAP Server
→SAP NetWeaver Application Server ABAP
→…* Type: Multiple types
* CVE/CVSS:
- CVE-2025-30012: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
- CVE-2025-42967: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
- CVE-2025-42980: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
- CVE-2025-42964: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
- CVE-2025-42966: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
- CVE-2025-42963: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
- CVE-2025-42959: CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVE-2025-42953: CVSS 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
- …
Sources
SAP - https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
Risks
SAP has released 27 new Security Notes and 4 updates to previously published notes as part of the July 2025 Security Patch Day. Several vulnerabilities have been classified as Critical with CVSS scores ranging from 9.1 to 10.0, and require immediate attention.
The most severe vulnerability, CVE-2025-30012, affects SAP Supplier Relationship Management’s Live Auction Cockpit component and carries a maximum CVSS score of 10.0.
Description
CVE-2025-30012 – CVSS 10.0 - Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) – Update
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a specific encoding format. The servlet will then decode this malicious request which will result in deserialization of data in the application leading to execution of arbitrary OS command on target as SAP Administrator.
CVE-2025-42967 – CVSS 9.9 - Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation)
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system.
CVE-2025-42980 - CVSS 9.1 - Insecure Deserialization in SAP NetWeaver Enterprise Portal Federated Portal Network
SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
CVE-2025-42964 – CVSS 9.1 - Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration
SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
CVE-2025-42966 – CVSS 9.1 - Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object.
CVE-2025-42963 – CVSS 9.1 Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer)
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.
CVE-2025-42959 – CVSS 8.1 - Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
CVE-2025-42953 - Missing Authorization check in SAP NetWeaver Application Server for ABAP
SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
GBHackers - https://gbhackers.com/sap-july-2025-patch-day/
CVE.org - https://www.cve.org/CVERecord?id=CVE-2025-30012