SAP January 2025 Patch Day: Critical Vulnerabilities in NetWeaver Resolved – Apply Patches Now

Shield53 Blog: SAP January 2025 Patch Day Resolves Critical NetWeaver Vulnerabilities


Published Date: January 17, 2025
Author: Shield53 Security Team

Overview

On its January 2025 Patch Day, SAP released 14 new security notes addressing vulnerabilities in its enterprise solutions. Among them are two Hot News vulnerabilities in NetWeaver AS for ABAP and ABAP Platform, each rated CVSS 9.9. These flaws could allow attackers to obtain sensitive credentials and compromise internal communication channels, posing significant risk to business operations.

As a global leader in cybersecurity, Shield53 urges organizations to take immediate action to apply these critical patches to safeguard their SAP environments.

Key Vulnerabilities Addressed

  1. CVE-2025-0070 – Improper Authentication (CVSS 9.9)

    • Description: This vulnerability affects the internal RFC communication between HTTP clients and servers within the same system. An attacker could steal credentials and impersonate an internal caller, enabling unauthorized access.

    • Impact: Compromises confidentiality, integrity, and availability of the affected applications.

  2. CVE-2025-0066 – Information Disclosure (CVSS 9.9)

    • Description: Under specific conditions, attackers could read decrypted, plaintext credential information required for system-to-system communication.

    • Impact: Exposes sensitive information, increasing the risk of lateral movement within the environment.

  3. CVE-2025-0063 – SQL Injection (CVSS 8.8)

    • Description: This flaw in NetWeaver’s handling of the Informix database could allow attackers to manipulate or exfiltrate data.

  4. CVE-2025-0061 and CVE-2025-0060 – High-Severity Vulnerabilities in BusinessObjects BI

    • Description: These flaws enable attackers to exploit weaknesses in the Business Intelligence platform, potentially impacting data integrity.

  5. CVE-2025-0069 – DLL Hijacking in SAPSetup

    • Description: This vulnerability could allow unauthorized execution of malicious DLLs in the SAPSetup utility.

Additional medium- and low-severity vulnerabilities were addressed across Business Workflow, NetWeaver, GUI for Windows, and BusinessObjects platforms.

Why These Updates Are Critical

SAP NetWeaver is the backbone of many enterprise systems, including ERP, CRM, and SCM applications. Exploiting these vulnerabilities could allow attackers to:

  • Access and manipulate sensitive data.

  • Impersonate legitimate users and disrupt workflows.

  • Compromise inter-system communication to gain broader control over the environment.

SAP has not reported active exploitation of these vulnerabilities in the wild; however, attackers frequently target unpatched SAP systems shortly after vulnerabilities are disclosed, so the absence of known exploitation should not delay patching.

Recommended Actions

To protect your SAP environment, Shield53 advises the following:

  1. Apply Patches Immediately

    • Implement the updates provided in SAP’s security notes for all affected systems.

    • Prioritize the patches for CVE-2025-0070 and CVE-2025-0066 due to their critical nature.

  2. Restrict System Access

    • Limit external access to SAP systems, particularly those involving inter-system communications.

    • Implement role-based access controls (RBAC) to restrict unauthorized users.

  3. Monitor for Indicators of Compromise (IOCs)

    • Enable enhanced logging and monitor system activity for unusual patterns, such as credential use from unexpected callers or anomalous SQL queries against the database.

  4. Secure Communication Channels

    • Harden the configurations of RFC communication and enforce encryption for all system-to-system communications.

  5. Conduct Security Assessments

    • Perform a full vulnerability assessment of your SAP environment to identify and mitigate other potential risks.
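A practical first step for items 1 and 5 is a patch-gap triage across your SAP landscape. The script below is an added example written for this post, not Shield53 or SAP tooling: it embeds the CVEs and CVSS scores exactly as listed above (no score where the post gives none), takes a constructed inventory of systems with the CVEs each has already remediated, and orders the remaining gaps so Hot News items on internet-facing systems surface first. The system identifiers and patch status are assumptions; replace them with data from your own change records.

```python
from dataclasses import dataclass

# CVEs from this advisory: (severity as stated on the page, CVSS score or None if not given).
ADVISORY = {
    "CVE-2025-0070": ("Hot News", 9.9),
    "CVE-2025-0066": ("Hot News", 9.9),
    "CVE-2025-0063": ("High", 8.8),
    "CVE-2025-0061": ("High", None),
    "CVE-2025-0060": ("High", None),
}


@dataclass(frozen=True)
class SapSystem:
    sid: str                   # system ID (constructed placeholder values below)
    internet_facing: bool      # reachable from outside the corporate network
    patched_cves: frozenset    # CVEs already remediated per change records


# Constructed sample inventory; not real systems.
INVENTORY = [
    SapSystem("PRD", True, frozenset({"CVE-2025-0063", "CVE-2025-0061", "CVE-2025-0060"})),
    SapSystem("DEV", False, frozenset(ADVISORY)),
    SapSystem("QAS", False, frozenset({"CVE-2025-0070"})),
]


def triage(systems):
    """Return (sid, cve, severity, score, internet_facing) rows, most urgent first.

    Ordering: Hot News before other severities, higher CVSS first, then
    internet-facing systems before internal ones, then by system ID.
    """
    rows = [
        (s.sid, cve, sev, score, s.internet_facing)
        for s in systems
        for cve, (sev, score) in ADVISORY.items()
        if cve not in s.patched_cves
    ]
    rows.sort(key=lambda r: (r[2] != "Hot News", -(r[3] or 0.0), not r[4], r[0]))
    return rows


def hotnews_gaps(systems):
    """Map each system ID to the Hot News CVEs it still lacks (systems with none are omitted)."""
    gaps = {}
    for sid, cve, sev, _score, _ext in triage(systems):
        if sev == "Hot News":
            gaps.setdefault(sid, []).append(cve)
    return gaps


if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(row)
```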

Shield53’s Commitment

At Shield53, we are committed to helping organizations secure their critical business applications. Our team is equipped with the expertise to assist in applying patches, monitoring system health, and mitigating threats related to SAP vulnerabilities.

For more information or assistance in implementing these recommendations, contact the Shield53 Security Team.

Stay secure, stay proactive.
– Shield53 Security Team
