<ul><li>SAP released a security patch in June 2025 to fix a critical vulnerability in the NetWeaver framework that allowed attackers to bypass authorization checks and escalate privileges.</li><li>The vulnerability, tracked as CVE-2025-42989 with a CVSS score of 9.6, could impact the integrity and availability of the application by letting authenticated attackers escalate privileges.</li><li>The flaw was found in SAP's Remote Function Call (RFC) framework, enabling attackers to bypass checks and escalate privileges, posing risks to app integrity and availability.</li><li>In addition to the critical NetWeaver bug, the June 2025 Security Patch addressed a total of five high-severity flaws and several other medium to low-severity vulnerabilities.</li></ul>

SAP June 2025 Security Patch Day fixed critical NetWeaver bug

Discover more