SAP has released 15 new security notes on the August 2025 Patch Tuesday, including for critical vulnerabilities.

SAP fixed the issue in late April 2025, but at the time, multiple security firms were already seeing attacks in the wild. ReliaQuest, Onapsis, watchTowr, Mandiant, all reported observing threat actors ...

Earlier this week, SAP patched a separate, also critical, zero-day vulnerability in NetWeaver server. This one, it said, was being chained in attacks targeting some of the world’s biggest ...

In August, SAP issues 15 new security notes on vulnerabilities in its products. Some of them pose a critical risk.

An SAP logo is seen on a building in Frankfurt, Germany, on September 1, 2024. The sotware giant deepened its alliance with AWS to help drive up sales of its cloud-based S/4 HANA ERP solution ...

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE ...

Attackers have been exploiting a critical zero-day vulnerability in the Visual Composer component of the SAP NetWeaver application server since early this week. SAP released an out-of-band fix ...

What NetWeaver BPM Is and Is Not With its NetWeaver BPM announcement, SAP has introduced a “generic business process modeling environment,” Sheina says.

But SAP, in fact, has full confidence in NetWeaver and big plans for it, spokeswoman Shabana Khan said via e-mail. NetWeaver is “the foundational technology to our solutions,” she said.

In late April, security researchers reported that more than 1,200 SAP instances were at risk of being hijacked, due to a maximum severity vulnerability found in NetWeaver Visual Composer’s ...