{"id":13596,"date":"2025-09-11T09:28:19","date_gmt":"2025-09-11T07:28:19","guid":{"rendered":"https:\/\/www.inprosec.com\/?p=13596"},"modified":"2025-09-11T09:28:19","modified_gmt":"2025-09-11T07:28:19","slug":"sap-security-notes-september-2025","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/","title":{"rendered":"SAP Security Notes, September 2025"},"content":{"rendered":"

Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n

September 2025 Notes<\/h2>\n

Monthly Summary and Highlights<\/h3>\n
\n
This month the total number has been 21 notes, 2 more than in the previous month. This month we had 4 Hot News, 1 more than in the previous period. Regarding high-criticality notes, there are 4, which is 2 more than the previous month. Medium and low notes will not be reviewed, so we will provide details on a total of 8 notes<\/b> (all those with a CVSS of 7 <\/b>or higher).<\/div>\n
<\/div>\n
\n

We have a total of 21 notes<\/b> for the whole month (17 new and 4 updates of notes published in previous months).<\/p>\n

We will review in detail a total of 5 notes, all of high criticality and Hot News:<\/p>\n

    \n
  1. \n
    The highest criticality note of the month (CVSS<\/b> <\/b>10<\/b><\/span>) <\/b>is the Hot News with the maximum criticality score. This new note is related to \u201cInsecure Deserialization vulnerability in SAP Netweaver (RMI-P4)”<\/b><\/div>\n<\/li>\n
  2. \n
    The next in criticality (CVSS <\/b>9.9<\/b><\/span>)<\/b> is the following Hot News related to \u201cInsecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)\u201d<\/b>.<\/div>\n<\/li>\n
  3. \n
    The next in criticality (CVSS <\/b>9.6<\/b><\/span>) <\/b>is the third Hot News of the month, and it is an update of one published in March 2023. It is related to “Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform<\/b>“<\/div>\n<\/li>\n
  4. \n
    The next note in criticality (CVSS <\/b>9.1<\/b><\/span>) <\/b>is the last Hot News of the period, and it is related to “Missing Authentication check in SAP NetWeaver<\/b>“<\/div>\n<\/li>\n
  5. \n
    The next note in criticality (CVSS <\/b>8.8<\/b><\/span>)<\/b> is the first high-criticality note, and it is related to \u201cInsecure Storage of Sensitive Information in SAP Business One (SLD)\u201d<\/b>.<\/div>\n<\/li>\n
  6. \n
    The next note in criticality (CVSS <\/b>8.1<\/b><\/span>) <\/b>is related to \u201cMissing input validation vulnerability in SAP Landscape Transformation Replication Server\u201d<\/b><\/div>\n<\/li>\n
  7. \n
    The next note in criticality (CVSS <\/b>8.1<\/b><\/span>) <\/b>is related to \u201cMissing input validation vulnerability in SAP S\/4HANA (Private Cloud or On-Premise)\u201d<\/b><\/div>\n<\/li>\n
  8. \n
    Finally, the last note we are going to analyze, with a criticality of (CVSS <\/b>7.7<\/b><\/span>) <\/b>is an update of a note released in April this year, and it is related to \u201cDirectory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)\u201d<\/b><\/div>\n<\/li>\n
  9. \n
    This month the most predominant type is \u201cMissing Authorization Check\u201d (8\/21 on patch day)<\/b>.<\/div>\n<\/li>\n<\/ol>\n

    In the chart we can see the classification of the September notes<\/u><\/b>, as well as the trend and classification of the previous 5 months (only the Sec. Tuesday \/ Patch Day notes \u2013 by SAP):<\/p>\n<\/div>\n<\/div>\n

    \"\"<\/p>\n

    Full details<\/h3>\n

    The complete detail of the most relevant notes<\/strong> is as follows:<\/p>\n

      \n
    1. \n
      Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)<\/b> (<\/u><\/b>3634501<\/a><\/b>)<\/u>:<\/b>\u00a0In SAP NetWeaver, an unauthenticated attacker could exploit a deserialization vulnerability in the RMI-P4 module by sending malicious payloads to an open port. This insecure deserialization of untrusted Java objects could allow arbitrary OS command execution, severely impacting confidentiality, integrity, and availability. SAP resolved the issue by updating the affected P4-Lib component to enforce secure deserialization and restrict untrusted object acceptance. Customers must implement the patches specified in the note, ensuring that the JVM version is greater than Java 8 u121, and review dependency guidance to avoid incompatibilities. If patches cannot be applied immediately, administrators can mitigate risk by filtering the P4 port at the ICM level, allowing only trusted hosts and blocking all others. This workaround should only be used temporarily until the official fix is applied, after which it can be rolled back.\u00a0CVSS v3\u00a0Base Score <\/b>10<\/b><\/span>\/ 10 <\/b>[CVE-2025-42944<\/a>]<\/b><\/div>\n<\/li>\n
    2. \n
      Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)<\/b>(<\/u><\/b>3643865<\/a><\/b>)<\/u>:<\/b>\u00a0In SAP NetWeaver AS Java, an attacker authenticated as a non-administrative user could exploit a flaw in an available service to upload arbitrary files, which if executed could result in full system compromise, affecting confidentiality, integrity, and availability. SAP resolved this issue by restricting access to the vulnerable web service exclusively to administrative users. A temporary workaround is available and described in KBA 3646072. It should only be used if patches cannot be immediately applied and must be assessed for applicability to the specific SAP landscape. SAP strongly recommends applying the permanent fix as soon as possible. CVSS v3\u00a0Base Score <\/b>9,9<\/b><\/span>\/ 10 <\/b> [CVE-2025-42922<\/a>]<\/b><\/div>\n<\/li>\n
    3. \n
      Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform <\/b>(update)\u00a0(<\/b>3302162<\/a><\/b>): <\/b>In SAP, a directory traversal vulnerability in program SAPRSBRO\u00a0allows an attacker with non-administrative authorizations to overwrite system files. While no data can be read, critical OS files may be replaced, leading to system unavailability. In the current version (v11, 9th September 2025), the note was re-released with updated Correction Instruction information.\u00a0To resolve the issue, customers must implement the referenced Support Package or apply the attached coding corrections, which disable execution of the vulnerable program. For further details, SAP Note 3311360 provides additional guidance.\u00a0CVSS v3\u00a0Base Score <\/b>9,6<\/b><\/span>\/ 10\u00a0 <\/b>[CVE-2023-27500<\/a>]<\/b><\/div>\n<\/li>\n
    4. \n
      \u00a0<\/b>Missing Authentication check in SAP NetWeaver<\/b>\u00a0(<\/b>3627373<\/a><\/b>): <\/b>In SAP NetWeaver on IBM i-series, a missing authentication check allows highly privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative functions, severely impacting confidentiality, integrity, and availability. Systems are affected when multiple SAP system IDs (SIDs) are configured in one logical partition (LPAR). SAP resolved the issue by enforcing proper access restrictions and limiting SAP user profile rights. The fix is delivered via updated kernel patch levels (hotfix ILE.SAR<\/code>\u00a0or SP Stack Kernel files SAPEXE.SAR<\/code>\u00a0and SAPEXEDB.SAR<\/code>). Customers should apply the latest available SP Stack Kernel or hotfix as recommended in the note and related kernel guidance.\u00a0No workaround is available; applying the kernel patch is mandatory.\u00a0CVSS v3\u00a0Base Score <\/b>9,1<\/b><\/span>\/ 10 <\/b>[CVE-2025-42958<\/a>]<\/b><\/div>\n<\/li>\n
    5. \n
    6. \n
    7. \n
    8. \n
      Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection) <\/b>(update)\u00a0(<\/b>3581811<\/a><\/b>):<\/b>\u00a0In SAP Solution Manager, a directory traversal vulnerability in an RFC-enabled function module allows an authorized attacker to read files from any managed system, potentially exposing critical information and impacting confidentiality, though integrity and availability are unaffected. In the current version (v8, 9th September 2025), the note was re-released with updated Correction Instructions.\u00a0SAP fixed the issue by enforcing proper path checks in the Service Data Collection function module to prevent arbitrary file reads. Customers must implement the referenced Correction Instructions<\/i>\u00a0or Support Packages<\/i>. No workaround is available; applying the correction is required. CVSS v3\u00a0Base Score <\/b>7,7<\/b><\/span>\/ 10\u00a0 [CVE-2025-27428<\/a>]<\/b><\/div>\n<\/li>\n<\/ol>\n

      Reference links<\/strong><\/h3>\n

      Other references, from SAP and Onapsis (september):<\/p>\n

      SAP Security Patch Day – September 2025<\/a><\/b><\/p>\n

      SAP Patch Day: September 2025 – Onapsis<\/a><\/b><\/p>\n

       <\/p>\n

      Resources affected<\/u><\/strong><\/p>\n

      \n

      The full list of affected systems\/components is as follows:<\/p>\n

      SAP NetWeaver<\/b><\/div>\n
        \n
      • \n
        RMI-P4: SERVERCORE 7.50<\/div>\n<\/li>\n
      • \n
        Application Server Java (Deploy Web Service): J2EE-APPS 7.50<\/div>\n<\/li>\n
      • \n
        AS for ABAP and ABAP Platform: 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757<\/div>\n<\/li>\n
      • \n
        ABAP Platform \/ Service Data Collection: ST-PI 2008_1_700, 2008_1_710, 740<\/div>\n<\/li>\n
      • \n
        Application Server Java (IIOP Service): SERVERCORE 7.50<\/div>\n<\/li>\n
      • \n
        Application Server Java: WD-RUNTIME 7.50<\/div>\n<\/li>\n
      • \n
        Service Data Download: SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 816<\/div>\n<\/li>\n<\/ul>\n
        SAP Business One (SLD)<\/b><\/div>\n
          \n
        • \n
          B1_ON_HANA 10.0, SAP-M-BO 10.0<\/div>\n<\/li>\n<\/ul>\n
          SAP Landscape Transformation<\/b><\/div>\n
            \n
          • \n
            Replication Server: DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020<\/div>\n<\/li>\n<\/ul>\n
            SAP S\/4HANA (Private Cloud or On-Premise)<\/b><\/div>\n
              \n
            • \n
              S4CORE 102, 103, 104, 105, 106, 107, 108<\/div>\n<\/li>\n<\/ul>\n
              SAP Business Planning and Consolidation (BPC)<\/b><\/div>\n
                \n
              • \n
                BPC4HANA 200, 300, SAP_BW 750\u2013758, 816, 914, CPMBPC 810<\/div>\n<\/li>\n<\/ul>\n
                SAP HCM (Fiori apps)<\/b><\/div>\n
                  \n
                • \n
                  My Timesheet \/ Approve Timesheets Fiori 2.0: GBX01HR5 605<\/div>\n<\/li>\n<\/ul>\n
                  SAP BusinessObjects Business Intelligence Platform<\/b><\/div>\n
                    \n
                  • \n
                    ENTERPRISE 430, 2025, 2027<\/div>\n<\/li>\n<\/ul>\n
                    SAP Supplier Relationship Management (SRM)<\/b><\/div>\n
                      \n
                    • \n
                      SRM_SERVER 700, 701, 702, 713, 714<\/div>\n<\/li>\n<\/ul>\n
                      SAP NetWeaver ABAP Platform<\/b><\/div>\n
                        \n
                      • \n
                        S4CRM 100, 200, 204, 205, 206; S4CEXT 109; BBPCRM 713, 714<\/div>\n<\/li>\n<\/ul>\n
                        SAP Fiori Apps<\/b><\/div>\n
                          \n
                        • \n
                          Manage Payment Blocks: S4CORE 107, 108<\/div>\n<\/li>\n
                        • \n
                          F4044 Manage Work Center Groups: UIS4HOP1 600, 700, 800, 900<\/div>\n<\/li>\n
                        • \n
                          Launchpad: SAP_UI 754<\/div>\n<\/li>\n<\/ul>\n
                          SAP Commerce Cloud \/ SAP Datahub<\/b><\/div>\n
                            \n
                          • \n
                            HY_COM 2205, HY_DHUB 2205, COM_CLOUD 2211, DHUB_CLOUD 2211<\/div>\n<\/li>\n<\/ul>\n
                            SAP NetWeaver AS Java (Adobe Document Service)<\/b><\/div>\n
                              \n
                            • \n
                              ADSSAP 7.50<\/div>\n<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

                              Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. September 2025 Notes Monthly Summary and Highlights This month the total number has been 21 notes, 2 more than in the previous month. This month we had 4 Hot News, 1 more than…<\/p>\n","protected":false},"author":6,"featured_media":13598,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[95,61],"tags":[150],"class_list":["post-13596","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-notes","category-sap-security-en-2","tag-sap-notes"],"acf":[],"yoast_head":"\nSAP Security Notes, September 2025 - Inprosec<\/title>\n<meta name=\"description\" content=\"All updates to SAP systems notes from september 2025, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes, September 2025\" \/>\n<meta property=\"og:description\" content=\"All updates to SAP systems notes from september 2025, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-11T07:28:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/09\/notas-sap-septiembre-2025.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes, September 2025\",\"datePublished\":\"2025-09-11T07:28:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/\"},\"wordCount\":1464,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/notas-sap-septiembre-2025.jpg\",\"keywords\":[\"SAP Notes\"],\"articleSection\":[\"SAP Notes\",\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/\",\"name\":\"SAP Security Notes, September 2025 - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/notas-sap-septiembre-2025.jpg\",\"datePublished\":\"2025-09-11T07:28:19+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"All updates to SAP systems notes from september 2025, to stay current and improve the security levels of your SAP systems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/notas-sap-septiembre-2025.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/notas-sap-septiembre-2025.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-september-2025\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes, September 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Notes, September 2025 - Inprosec","description":"All updates to SAP systems notes from september 2025, to stay current and improve the security levels of your SAP systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes, September 2025","og_description":"All updates to SAP systems notes from september 2025, to stay current and improve the security levels of your SAP systems.","og_url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/","og_site_name":"Inprosec","article_published_time":"2025-09-11T07:28:19+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/09\/notas-sap-septiembre-2025.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes, September 2025","datePublished":"2025-09-11T07:28:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/"},"wordCount":1464,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/09\/notas-sap-septiembre-2025.jpg","keywords":["SAP Notes"],"articleSection":["SAP Notes","SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/","url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/","name":"SAP Security Notes, September 2025 - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/09\/notas-sap-septiembre-2025.jpg","datePublished":"2025-09-11T07:28:19+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"All updates to SAP systems notes from september 2025, to stay current and improve the security levels of your SAP systems.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/09\/notas-sap-septiembre-2025.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/09\/notas-sap-septiembre-2025.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-september-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes, September 2025"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=13596"}],"version-history":[{"count":1,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13596\/revisions"}],"predecessor-version":[{"id":13600,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13596\/revisions\/13600"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/13598"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=13596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=13596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=13596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}