SAP Security Notes Summary – March 2025

Once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
| --- | --- | --- | --- | --- |
| CRM-IC-BF | 3561861 | [CVE-2025-27430] Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center) | 3,5 | 25.03.2025 |
| BC-CP-CF-CRTM | 3576540 | Open Source Security Advisory: Best Practices for Securing Spring Boot Actuator Endpoints for applications running on BTP | 0,0 | 11.03.2025 |
| CEC-SCC-PLA-PL | 3562415 | [CVE-2024-38819] Multiple vulnerabilities in Spring Framework within SAP Commerce Cloud and SAP Datahub | 3,7 | 11.03.2025 |
| BI-BIP-LCM | 3549494 | [CVE-2025-23185] Information Disclosure in SAP Business Objects Business Intelligence Platform | 4,1 | 11.03.2025 |
| BI-RA-WBI-FE-HTM | 3557459 | [CVE-2025-0062] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | 4,7 | 11.03.2025 |
| BI-RA-WBI-FE-HTM | 3557469 | [CVE-2025-25245] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | 5,4 | 11.03.2025 |
| CEC-SCC-COM-BBA-COM | 3566851 | [CVE-2024-38286] Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud | 8,6 | 11.03.2025 |
| MM-FIO-PUR-IR | 3474392 | [CVE-2025-26656] Missing Authorization check in S/4HANA (Manage Purchasing Info Records) | 4,3 | 11.03.2025 |
| FI-FIO-AR-PAY | 3565835 | [CVE-2025-27433] Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | 4,3 | 11.03.2025 |
| EP-PIN-OBN | 3561792 | [CVE-2025-23194] Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component) | 5,3 | 11.03.2025 |
| BC-WD-UR | 3567246 | [CVE-2025-27431] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java | 5,4 | 11.03.2025 |
| CEC-SCC-COM-BC-BCOM | 3569602 | [CVE-2025-27434] Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI) | 8,8 | 11.03.2025 |
| FI-FIO-GL-TRA | 3557655 | [CVE-2025-26660] Broken Access Control in SAP Fiori apps (Posting Library) | 4,3 | 11.03.2025 |
| BC-FES-WGU | 3552824 | [CVE-2025-26659] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | 6,1 | 11.03.2025 |
| BC-FES-WGU | 3562390 | [CVE-2025-25242] Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP | 6,1 | 11.03.2025 |
| BC-DWB-TOO-CLA | 3563927 | [CVE-2025-26661] Missing Authorization check in SAP NetWeaver (ABAP Class Builder) | 8,8 | 11.03.2025 |
| FS-RBD | 3557131 | [CVE-2025-23188] Missing Authorization check in SAP S/4HANA (RBD) | 4,3 | 11.03.2025 |
| CA-GTF-CSC-EDO | 3568865 | [CVE-2025-27432] Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit) | 2,4 | 11.03.2025 |
| BW-WHM-DST-PC | 3552144 | [CVE-2025-25244] Missing Authorization Check in SAP Business Warehouse (Process Chains) | 5,7 | 11.03.2025 |
| SBO-CRO-SEC | 3561045 | [CVE-2025-26658] Broken Authentication in SAP Business One (Service Layer) | 6,8 | 11.03.2025 |
| BC-CST-IC | 3558132 | [CVE-2025-0071] Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager | 4,9 | 11.03.2025 |
| FIN-BA | 3483344 | [CVE-2024-39592] Missing Authorization check in SAP PDCE | 7,7 | 11.03.2025 |
| BC-XS-APR | 3567974 | [CVE-2025-24876] Authentication bypass via authorization code injection in SAP Approuter | 8,1 | 11.03.2025 |

*CVSS captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Copyright © 2026. SAPBasisWorld.com