{"id":13154,"date":"2025-06-25T10:01:45","date_gmt":"2025-06-25T08:01:45","guid":{"rendered":"https:\/\/www.inprosec.com\/?p=13154"},"modified":"2025-06-25T10:01:45","modified_gmt":"2025-06-25T08:01:45","slug":"sap-security-notes-june-2025","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-june-2025\/","title":{"rendered":"SAP Security Notes, June 2025"},"content":{"rendered":"

Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n

June 2025 Notes<\/h2>\n

Summary and Highlights of the Month<\/h3>\n
\n

This month, the total number of notes was 14, which is 4 fewer than the previous month. We had 1 Hot News this month, 1 less than in the previous period. Regarding high-criticality notes, there are 5, the same as last month. Medium and low-criticality notes will not be reviewed, so we will detail a total of 6 notes<\/b> (all with a CVSS of 7<\/b><\/span> or higher).<\/p>\n

We have a<\/b> total of 14 notes<\/b> for the entire month (14 new ones).<\/p>\n

We will review in detail a total of 6 notes, all of high criticality and Hot News:<\/p>\n

    \n
  1. One of the most critical notes of the month (CVSS 9.6<\/span>)<\/b> is a High note, related to “Missing Authorization Check in SAP NetWeaver Application Server for ABAP”<\/b><\/li>\n
  2. The next one in criticality (CVSS 8.8<\/span>)<\/b> is a note related to “Information Disclosure in SAP GRC (AC Plugin)”<\/b><\/li>\n
  3. The next one in criticality (CVSS 8.5<\/span>)<\/b> is a note related to “Missing Authorization Check in SAP Business Warehouse and SAP Plug-In Basis”<\/b><\/li>\n
  4. The next one in criticality (CVSS 8.2<\/span>)<\/b> is a note related to “Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)”<\/b><\/li>\n
  5. The next ones in criticality are 2 medium notes (CVSS <\/b>7.6<\/span><\/b> and CVSS <\/b>7.5<\/b><\/span>)<\/b>, one related to “Directory Traversal vulnerability in SAP NetWeaver Visual Composer”<\/b> and the other related to “Multiple vulnerabilities in SAP MDM Server”<\/b><\/li>\n
  6. \n
    This month, the most predominant type is “Missing Authorization Check”<\/b> (6\/14 on patch day)<\/div>\n<\/li>\n<\/ol>\n

    In the chart, we can see the classification of the June notes<\/u><\/b>, as well as the evolution and classification of the previous 5 months (only Security Tuesday \/ Patch Day notes \u2013 by SAP):<\/p>\n

    \"\"<\/p>\n<\/div>\n

    Full details<\/h3>\n

    The complete detail of the most relevant notes<\/strong> is as follows:<\/p>\n

      \n
    1. \n
      Missing Authorization check in SAP NetWeaver Application Server for ABAP) (<\/u><\/b>3600840<\/a><\/u><\/b>)<\/u>:<\/b>\u00a0RFC inbound processing fails to perform the necessary authorization checks for an authenticated user, resulting in privilege escalation. A successful exploit could have a critical impact on both the integrity and availability of the application. The way to eliminate this risk is by the authorization checks which are now added to initiate S_RFC authorization for tRFC and qRFC calls. Apply the kernel patch and set the profile parameter indicated in the note.\u00a0CVSS v3\u00a0Base Score <\/b>9,6<\/b><\/span>\/ 10 [<\/b>CVE-2025-42989<\/a><\/u><\/b>]<\/b><\/div>\n<\/li>\n
    2. \n
      Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis\u00a0(<\/u><\/b>3609271<\/a><\/u><\/b>)<\/u>:<\/b>\u00a0SAP GRC allows a non-administrative user to access and initiate a transaction that could allow them to modify or control transmitted system credentials. This has a significant impact on the confidentiality, integrity, and availability of the application. This problem is solved by preventing the report from running. CVSS v3\u00a0Base Score <\/b> 8,8<\/b><\/span>\/ 10 [<\/b>CVE-2025-42982<\/a><\/u><\/b>]<\/b><\/div>\n<\/li>\n
    3. \n
      Authentication Bypass Vulnerability in SAP Financial Consolidation (<\/b>3606484<\/a><\/u><\/b>) <\/b>SAP Business Warehouse and\u00a0SAP Plug-In Basis allow an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in data loss or system inoperability. A successful exploit can completely delete database entries, but cannot read any data. The problem is solved by removing the code in the RFC function module.\u00a0CVSS v3\u00a0Base Score <\/b>8,5<\/b><\/span>\/ 10\u00a0 [<\/b>CVE-2025-42983<\/a><\/u><\/b>]<\/b><\/div>\n<\/li>\n
    4. \n
      \u00a0Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace) (<\/b>3560693<\/a><\/u><\/b>): <\/b>SAP BusinessObjects Business Intelligence (BI workspace) allows an unauthenticated attacker to create and store malicious scripts within a workspace. When the victim accesses the workspace, the script will execute in their browser, potentially allowing the attacker to access sensitive session information, modify the session information, or make it unavailable. This results in a high confidentiality impact and a low integrity and availability impact. CVSS v3\u00a0Base Score <\/b>8,2<\/b><\/span>\/ 10\u00a0 [<\/b>CVE-2025-23192<\/a><\/u><\/b>]<\/b><\/div>\n<\/li>\n
    5. \n
      Directory Traversal vulnerability in SAP NetWeaver Visual Composer (<\/b>3610591<\/a><\/u><\/b>): <\/b>SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privilege user. This allows an attacker to read or modify arbitrary files, which has a high confidentiality impact and a low integrity impact. CVSS v3\u00a0Base Score <\/b>7,6<\/b><\/span>\/ 10\u00a0 [<\/b>CVE-2025-42977<\/a><\/u><\/b>]<\/b><\/div>\n<\/li>\n
    6. \n
      Multiple vulnerabilities in SAP MDM Server (<\/b>3610006<\/a><\/u><\/b>):<\/b>\u00a0This security advisory addresses three vulnerabilities in SAP MDM Server:<\/div>\n<\/li>\n<\/ol>\n