CyberSecurityBoard
Sponsor Register Login

SAP April 2025 Security Update : Critical Code Injection Vulnerabilities Patched

This comprehensive update focuses on addressing multiple vulnerabilities in SAP’s extensive product portfolio, with a particular spotlight on critical code injection flaws that posed significant risks to enterprise environments. By addressing critical vulnerabilities like code injection and authentication bypass issues, SAP ensures the resilience of its products while urging customers to act swiftly in applying these patches for maximum protection. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. To mitigate code injection vulnerabilities, developers are advised to implement rigorous input validation and sanitization processes. Timely patching is crucial to prevent exploitation of these vulnerabilities, which could lead to data breaches or unauthorized system control. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. With a CVSS score of 9.8, this flaw could allow attackers to bypass authentication mechanisms and gain unauthorized access to sensitive systems. This flaw could enable unauthorized code execution, leading to severe operational disruptions. Both vulnerabilities have been classified as ‘Critical’ due to the ease of exploitation and the significant damage they could inflict. A Time-of-check Time-of-use race condition vulnerability in Apache Tomcat within SAP Commerce Cloud [CVE-2024-56337], CVSS 8.1, has been patched.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 08 Apr 2025 14:20:25 +0000


Cyber News related to SAP April 2025 Security Update : Critical Code Injection Vulnerabilities Patched

The Biggest SAP Cybersecurity Mistake Businesses Make-And How To Prevent It - There are no small mistakes-every mistake in cybersecurity is potentially catastrophic. Several oversights that have quietly grown into some of the most significant cybersecurity missteps can be found within SAP software configurations and include ...
1 year ago Cybersecurity-insiders.com
Taking a Proactive Approach to Mitigating Ransomware Part 2: Avoiding Vulnerabilities in SAP Applications - In case you missed it, in the first part of this series we talked about the importance of hardening security for the application layer as part of your proactive approach to mitigating ransomware. We know exploited vulnerabilities are the most common ...
1 year ago Securityboulevard.com
SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Enterprise software maker SAP this week announced the release of 10 new and two updated security notes as part of its first Security Patch Day of 2024. Rated 'hot news', the highest rating in SAP's notebook, two of the new and one of the updated ...
1 year ago Securityweek.com CVE-2023-49583 CVE-2023-50422
The Biggest Tech Talent Gap Can Be Found in the SAP Ecosystem - They're not just looking for people who can write code; they want individuals who can implement, integrate, and run a variety of software platforms crucial for modern businesses. A recent Forbes case study explored dynamic areas like cybersecurity, ...
1 year ago Cysecurity.news
SAP Patches Critical Vulnerability in Business Technology Platform - German enterprise software maker SAP on Tuesday announced the release of 15 new and two updated security notes as part of its December 2023 Security Patch Day. Four of the December 2023 security notes have a severity rating of 'hot news', the highest ...
1 year ago Securityweek.com CVE-2023-49583
SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers - The exploitation technique uses HTTP request smuggling to bypass security controls and trigger a memory corruption vulnerability. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability ...
1 month ago Cybersecuritynews.com CVE-2023-7629
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
2 months ago Cybersecuritynews.com
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Enterprise software maker SAP on Tuesday announced the release of 14 new and three updated security notes as part of its May 2024 Security Patch Day. Two new and one updated security notes are rated 'hot news', the highest severity in SAP's playbook, ...
1 year ago Securityweek.com CVE-2019-17495 CVE-2022-36364 CVE-2024-33006
Cyber Security News Weekly Round-Up - The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive. According to recent findings from Morphisec ...
1 year ago Cybersecuritynews.com CVE-2023-6317 CVE-2023-6320
SAP's April 2024 Updates Patch High-Severity Vulnerabilities - Enterprise software maker SAP on Tuesday announced the release of 10 new and two updated security notes, including three notes that address high-severity vulnerabilities. Of SAP's April 2024 security notes, the most severe addresses a security ...
1 year ago Securityweek.com
SAP Security Patch Addresses Privilege Escalation Flaw - SAP is a leading enterprise software suite that integrates various business functions like:-. This renowned enterprise software suite helps organizations to:-. Recently, on a security note, the German multinational software company SAP released a ...
1 year ago Cybersecuritynews.com CVE-2024-21734
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild - Discovered in April 2025 by ReliaQuest security researchers during incident response activities, the vulnerability has already been weaponized in attacks against organizations running even fully-patched SAP installations. Organizations using SAP ...
1 month ago Cybersecuritynews.com CVE-2025-31324
SAP Patches Critical Command Injection Vulnerabilities - Enterprise software maker SAP on Tuesday released 10 new and two updated security notes as part of its March 2024 Security Patch Day, calling attention to serious bugs in business-facing products. Three of the notes are marked 'hot news' - the ...
1 year ago Securityweek.com CVE-2019-10744 CVE-2024-22127
SAP April 2025 Security Update : Critical Code Injection Vulnerabilities Patched - This comprehensive update focuses on addressing multiple vulnerabilities in SAP’s extensive product portfolio, with a particular spotlight on critical code injection flaws that posed significant risks to enterprise environments. By addressing ...
2 months ago Cybersecuritynews.com CVE-2024-56337
Oracle’s First Security Update for 2023 Includes 327 New Patches - Oracle has released its first security update of 2023, delivering 327 new security fixes and patching a range of critical vulnerabilities. This update covers products spanning across Oracle’s Cloud portfolio, Fusion Middleware, Hyperion, E-Business ...
2 years ago Securityweek.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
1 year ago Feeds.dzone.com
Windows 11 KB5037771 update released with 30 fixes, changes - Microsoft is rolling out the KB5037771 cumulative update for Windows 11 23H3 with thirty bug fixes and changes, including a fix for a bug breaking VPN connections. This cumulative update is rolling out as part of Microsoft April 2024 Patch Tuesday ...
1 year ago Bleepingcomputer.com
Chinese hackers behind attacks targeting SAP NetWeaver servers - SAP released an out-of-band emergency patch on April 24 to address this unauthenticated file upload security flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer, days after cybersecurity company ReliaQuest first detected the ...
1 month ago Bleepingcomputer.com CVE-2025-31324
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
8 months ago Helpnetsecurity.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
8 months ago Cyberdefensemagazine.com
Microsoft pushes fix for Windows 11 update 0x80240069 errors - ​Microsoft has fixed a known issue preventing Windows 11 24H2 feature updates from being delivered via Windows Server Update Services (WSUS) after installing the April 2025 security updates. "Devices which have installed the April Windows ...
1 month ago Bleepingcomputer.com
Google Chrome 0-Day Vulnerability Exploited in the Wild - Update Now - The tech giant announced yesterday that Chrome’s Stable channel has been updated to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux to address four security issues, including a high-severity zero-day flaw. Google ...
1 month ago Cybersecuritynews.com CVE-2025-4609
Microsoft Patch Tuesday April 2025: 121 Vulnerabilities Fixed Including 1 Actively Exploited Zero-Day - This month’s update addresses a significant array of threats, including elevation of privilege, remote code execution, and a single actively exploited zero-day vulnerability that has heightened urgency for users and administrators alike. ...
2 months ago Cybersecuritynews.com CVE-2025-29824
Windows 10 KB5037768 update released with new features and 20 fixes - Microsoft has released the KB5037768 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty changes, including account notifications in the Start Menu and Widgets on the lock screen. KB5037768 is a mandatory Windows 10 cumulative ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)