{"id":13651,"date":"2025-10-16T09:52:27","date_gmt":"2025-10-16T07:52:27","guid":{"rendered":"https:\/\/www.inprosec.com\/?p=13651"},"modified":"2025-10-16T09:52:27","modified_gmt":"2025-10-16T07:52:27","slug":"sap-security-notes-october-2025","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/","title":{"rendered":"SAP Security Notes, October 2025"},"content":{"rendered":"

Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n

October 2025 Notes<\/h2>\n

Monthly Summary and Highlights<\/h3>\n
\n

This month, the total number of notes is 17, which is 4 fewer than the previous month. We have 4 Hot News this month, the same as in the previous period. As for high-severity notes, there are 2, which is two fewer than last month. Medium and low-severity notes will not be reviewed, so we will provide details on a total of 6 notes<\/b> (all those with a CVSS score of 7<\/b> or higher).<\/p>\n

We have a total of 17 notes<\/b> for the entire month (13 new and 4 updates to notes published in previous months).<\/p>\n

We will review in detail a total of 6 notes, all of them classified as high severity and Hot News:<\/p>\n

    \n
  1. \n
    The two highest-severity notes of the month (CVSS<\/b> 10<\/b><\/span>)<\/b> are Hot News with the maximum criticality score. One of the notes is new, and the other is an update to one published last month. They are related to “Security Hardening for Insecure Deserialization in SAP NetWeaver AS Java”<\/b> and “Insecure Deserialization vulnerability in SAP NetWeaver (RMI-P4)”<\/b>, respectively.<\/div>\n<\/li>\n
  2. \n
    The next one in severity (CVSS <\/b>9.8<\/b><\/span>)<\/b> is another Hot News related to “Directory Traversal vulnerability in SAP Print Service”<\/b>.<\/div>\n<\/li>\n
  3. \n
    The next one in severity (CVSS <\/b>9.0<\/b><\/span>)<\/b> is the last Hot News of the month and is an update to one published in March 2023. It is related to “Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management”<\/b>.<\/div>\n<\/li>\n
  4. \n
    The next note in severity (CVSS <\/b>7.5<\/b><\/span>)<\/b> is the first high-severity note, and it concerns “Denial of Service (DoS) in SAP Commerce Cloud (Search and Navigation)”<\/b>.<\/div>\n<\/li>\n
  5. \n
    Finally, the last note we will analyze, with a severity of (CVSS <\/b>7.1<\/b><\/span>)<\/b>, is related to “Security Misconfiguration vulnerability in SAP Data Hub Integration Suite”<\/b>.<\/div>\n<\/li>\n
  6. \n
    This month, the most predominant types have been “Directory Traversal vulnerability”<\/b> and “Insecure Deserialization vulnerability”<\/b> (2\/13 on the patch day for both).<\/div>\n<\/li>\n<\/ol>\n

    In the chart below, we can see the classification of the October notes<\/u><\/b>, as well as the evolution and classification for the previous 5 months (only Security Tuesday \/ Patch Day notes \u2013 by SAP):<\/p>\n<\/div>\n

    \"\"<\/p>\n

    Full details<\/h3>\n

    The complete detail of the most relevant notes<\/strong> is as follows:<\/p>\n

      \n
    1. \n
      Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4) <\/b>(update) (<\/u><\/b>3634501<\/a><\/b>)<\/u>:<\/b>\u00a0Due to a deserialization vulnerability in SAP NetWeaver (RMI-P4), an unauthenticated attacker could exploit the system by sending malicious payloads to an open port, potentially leading to arbitrary OS command execution and a full compromise of confidentiality, integrity, and availability. The issue has been fixed by updating the affected P4-Lib component to enforce secure deserialization handling and restrict untrusted Java objects via the RMI-P4 module. SAP recommends implementing the patches listed in the \u201cSupport Packages & Patches\u201d section and ensuring the Java Virtual Machine version is higher than Java 8u121 (refer to Note 2695197), while also reviewing Note 1974464 to avoid incompatibilities. For additional information, see Note 3637718 and, for further hardening, apply Note 3660659. If patching is not immediately possible, a temporary workaround involves isolating the system at the network level so that P4 and P4S ports are not accessible from insecure networks, ensuring these ports are reachable only from trusted systems through firewall rules or IP filtering. Once the patch is applied, the workaround can be rolled back.\u00a0CVSS v3\u00a0Base Score <\/b>10<\/b>\/ 10 <\/b>[CVE-2025-42944<\/a>]<\/b><\/div>\n<\/li>\n
    2. \n
      Security Hardening for Insecure Deserialization in SAP NetWeaver AS Java <\/b>(<\/u><\/b>3660659<\/a><\/b>)<\/u>:<\/b>\u00a0SAP NetWeaver AS Java is vulnerable to remote code execution due to insecure deserialization of JDK and third-party classes, where specially crafted input could be deserialized by the AS Java runtime. Although no new CVE was issued, this advisory serves as a hardening measure linked to [CVE-2025-42944] with a CVSS score of 10.0 (Critical). The issue is resolved by blocking vulnerable JDK and third-party classes through a configuration-based patch that prevents insecure deserialization and enhances security for systems affected by the RMI\/P4 vulnerability (SAP Note 3634501). To apply the fix, ensure a Java Virtual Machine version higher than Java 8u121 is installed (per KBA 2695197), and that the ‘bootstrap.properties'<\/code>\u00a0file includes the property ‘element.resynch=DETECT'<\/code>\u00a0(SAP Note 710663). SAP also recommends checking Note 1974464 for compatibility guidance before applying the update. For more information, refer to FAQ KBA 3663688. A workaround may be considered depending on system applicability, though applying the patch remains the recommended permanent solution. CVSS v3\u00a0Base Score <\/b>10<\/b><\/span>\/ 10 <\/b>[CVE-2025-42944<\/a>]<\/b><\/div>\n<\/li>\n
    3. \n
      Directory Traversal vulnerability in SAP Print Service<\/b>\u00a0(<\/b>3630595<\/a><\/b>): <\/b>SAP Print Service (SAPSprint) is affected by a path traversal vulnerability due to insufficient validation of user-provided path information. An unauthenticated attacker could exploit this flaw to traverse directories and overwrite system files, leading to a high impact on the confidentiality, integrity, and availability of the application (CVE-2025-42937). The issue has been resolved by introducing proper validation of path inputs within SAPSprint. Users are advised to implement the patches listed in the \u201cSupport Packages & Patches\u201d section of this SAP Security Note. For further details, refer to FAQ Note 3636888. No workaround is available for this vulnerability.\u00a0CVSS v3\u00a0Base Score <\/b>9,8<\/b><\/span>\/ 10 <\/b>[CVE-2025-42937<\/a>]<\/b><\/div>\n<\/li>\n
    4. \n
      Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management<\/b>\u00a0(<\/b>3647332<\/a><\/b>): <\/b>SAP Supplier Relationship Management is affected by an unrestricted file upload vulnerability caused by missing verification of file type or content. An authenticated attacker could exploit this flaw to upload arbitrary files, including executables that might be downloaded and executed by users, potentially leading to malware infections. Successful exploitation could result in a high impact on the confidentiality, integrity, and availability of the application (CVE-2025-42910). The issue has been resolved by implementing proper validation of MIME types and file extensions. Users should apply the Correction Instructions or Support Packages referenced in this SAP Security Note. No workaround is available.\u00a0CVSS v3\u00a0Base Score <\/b>9,0<\/b><\/span>\/ 10 <\/b>[CVE-2025-42910<\/a>]<\/b><\/div>\n<\/li>\n
    5. \n
      Denial of service (DOS) in SAP Commerce Cloud (Search and Navigation)<\/b>\u00a0(<\/b>3664466<\/a><\/b>): <\/b>SAP Commerce Cloud Search and Navigation is vulnerable to a denial-of-service (DoS) attack caused by a flaw in the HTTP\/2 protocol within the Jetty library. A malicious client could send crafted requests that force the server to reset streams repeatedly, consuming excessive resources and leading to service disruption. This issue has a high impact on availability but does not affect confidentiality or integrity (CVE-2025-5115). The vulnerability is resolved by upgrading the Jetty http2-common library to the latest version, included in SAP Commerce Cloud Patch Releases 2211-jdk21.2, 2211.45, and 2205.43. Customers should install these or later patches, rebuild, and redeploy their SAP Commerce environments according to the deployment instructions provided in the SAP Support Portal.\u00a0CVSS v3\u00a0Base Score <\/b> 7,5<\/b><\/span>\/ 10 <\/b>[CVE-2025-5115<\/a>]<\/b><\/div>\n<\/li>\n
    6. \n
      Security Misconfiguration vulnerability in SAP Data Hub Integration Suite\u00a0(<\/b>3658838<\/a><\/b>): <\/b>SAP Datahub Suite is affected by a vulnerability due to the use of Apache CXF 3.5.1 libraries with JMS\/JNDI configurations, allowing an unauthenticated attacker to inject malicious RMI\/LDAP endpoints (CVE-2025-48913). This could result in remote code execution, leading to a high impact on the confidentiality, integrity, and availability of the application. The issue is resolved by upgrading Apache CXF to version 3.6.8, which includes secure versions of multiple CXF components such as cxf-core, cxf-rt-bindings-soap, and cxf-rt-frontend-jaxws. Customers are advised to apply the SAP Commerce Integration Extension Pack Patch Release 2205.17, which contains the updated, non-vulnerable libraries. CVSS v3\u00a0Base Score <\/b>7,1<\/b><\/span>\/ 10 [CVE-2025-48913<\/a>]<\/b><\/div>\n<\/li>\n<\/ol>\n

      Reference links<\/strong><\/h3>\n

      Other references, from SAP and Onapsis (october):<\/p>\n

      SAP Security Patch Day – October 2025<\/a><\/b><\/p>\n

      SAP Patch Day: October 2025 – Onapsis<\/a><\/b><\/p>\n

       <\/p>\n

      Resources affected<\/u><\/strong><\/p>\n

      \n

      The full list of affected systems\/components is as follows:<\/p>\n

      \n
        \n
      • \n
        SAP NetWeaver AS Java\u00a0\u2013 SERVERCORE 7.50, J2EE-APPS 7.50, ADSSAP 7.50, WD-RUNTIME 7.50<\/div>\n<\/li>\n
      • \n
        SAP NetWeaver AS ABAP\u00a0\u2013 SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 816<\/div>\n<\/li>\n
      • \n
        SAP NetWeaver (Generic \/ RMI-P4 \/ Service Data Download \/ Background Processing)\u00a0\u2013 SAP_ABA 700\u201375I, ST-PI 2008_1_700, 2008_1_710, 740<\/div>\n<\/li>\n
      • \n
        SAP NetWeaver Kernel Components\u00a0\u2013 KRNL64UC 7.22, 7.22EXT, KRNL64NUC 7.22, 7.22EXT, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.12, 9.14, 9.15, 9.16<\/div>\n<\/li>\n
      • \n
        SAP NetWeaver Application Server ABAP (SAP GUI for HTML)\u00a0\u2013 KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12, 9.14<\/div>\n<\/li>\n
      • \n
        SAP Print Service\u00a0\u2013 SAPSPRINT 8.00, 8.10<\/div>\n<\/li>\n
      • \n
        SAP S\/4HANA (Private Cloud or On-Premise)\u00a0\u2013 S4CORE 102, 103, 104, 105, 106, 107, 108, 109<\/div>\n<\/li>\n
      • \n
        SAP S\/4HANA (Manage Processing Rules – For Bank Statements)\u00a0\u2013 S4CORE 104\u2013109<\/div>\n<\/li>\n
      • \n
        SAP S\/4HANA (Manage Central Purchase Contract)\u00a0\u2013 S4CORE 106\u2013108<\/div>\n<\/li>\n
      • \n
        SAP S\/4HANA (Fiori App – Manage Payment Blocks)\u00a0\u2013 S4CORE 107\u2013108<\/div>\n<\/li>\n
      • \n
        SAP Business One (SLD)\u00a0\u2013 B1_ON_HANA 10.0, SAP-M-BO 10.0<\/div>\n<\/li>\n
      • \n
        SAP Landscape Transformation Replication Server\u00a0\u2013 DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020<\/div>\n<\/li>\n
      • \n
        SAP HCM (My Timesheet Fiori 2.0 Application)\u00a0\u2013 GBX01HR5 605<\/div>\n<\/li>\n
      • \n
        SAP HCM (Approve Timesheets Fiori 2.0 Application)\u00a0\u2013 GBX01HR5 605<\/div>\n<\/li>\n
      • \n
        SAP Fiori (Launchpad)\u00a0\u2013 SAP_UI 754<\/div>\n<\/li>\n
      • \n
        SAP Fiori App (F4044 Manage Work Center Groups)\u00a0\u2013 UIS4HOP1 600, 700, 800, 900<\/div>\n<\/li>\n
      • \n
        SAP Commerce Cloud\u00a0\u2013 HY_COM 2205, COM_CLOUD 2211, 2211-JDK21<\/div>\n<\/li>\n
      • \n
        SAP Data Hub Integration Suite\u00a0\u2013 CX_DATAHUB_INT_PACK 2205<\/div>\n<\/li>\n
      • \n
        SAP Datahub\u00a0\u2013 HY_DHUB 2205, DHUB_CLOUD 2211<\/div>\n<\/li>\n
      • \n
        SAP BusinessObjects Business Intelligence Platform\u00a0\u2013 ENTERPRISE 430, 2025, 2027<\/div>\n<\/li>\n
      • \n
        SAP BusinessObjects (Web Intelligence and Platform Search)\u00a0\u2013 ENTERPRISE 430, 2025, 2027<\/div>\n<\/li>\n
      • \n
        SAP Supplier Relationship Management (SRM)\u00a0\u2013 SRM_SERVER 700, 701, 702, 713, 714<\/div>\n<\/li>\n
      • \n
        SAP Supplier Relationship Management (Unrestricted File Upload)\u00a0\u2013 SRMNXP01 100, 150<\/div>\n<\/li>\n
      • \n
        SAP Financial Service Claims Management\u00a0\u2013 INSURANCE 803, 804, 805, 806, S4CEXT 107, 108, 109<\/div>\n<\/li>\n
      • \n
        SAP Cloud Appliance Library Appliances\u00a0\u2013 TITANIUM_WEBAPP 4.0<\/div>\n<\/li>\n
      • \n
        SAP Business Planning and Consolidation\u00a0\u2013 BPC4HANA 200, 300, SAP_BW 750\u2013758, 816, 914, CPMBPC 810<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

        Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. October 2025 Notes Monthly Summary and Highlights This month, the total number of notes is 17, which is 4 fewer than the previous month. We have 4 Hot News this month, the same…<\/p>\n","protected":false},"author":6,"featured_media":13653,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[95,61],"tags":[150],"class_list":["post-13651","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-notes","category-sap-security-en-2","tag-sap-notes"],"acf":[],"yoast_head":"\nSAP Security Notes, October 2025 - Inprosec<\/title>\n<meta name=\"description\" content=\"All updates to SAP systems notes from october 2025, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes, October 2025\" \/>\n<meta property=\"og:description\" content=\"All updates to SAP systems notes from october 2025, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-16T07:52:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/10\/Portada-Notas-SAP.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes, October 2025\",\"datePublished\":\"2025-10-16T07:52:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/\"},\"wordCount\":1436,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Portada-Notas-SAP.jpg\",\"keywords\":[\"SAP Notes\"],\"articleSection\":[\"SAP Notes\",\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/\",\"name\":\"SAP Security Notes, October 2025 - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Portada-Notas-SAP.jpg\",\"datePublished\":\"2025-10-16T07:52:27+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"All updates to SAP systems notes from october 2025, to stay current and improve the security levels of your SAP systems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Portada-Notas-SAP.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Portada-Notas-SAP.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-october-2025\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes, October 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Security Notes, October 2025 - Inprosec","description":"All updates to SAP systems notes from october 2025, to stay current and improve the security levels of your SAP systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes, October 2025","og_description":"All updates to SAP systems notes from october 2025, to stay current and improve the security levels of your SAP systems.","og_url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/","og_site_name":"Inprosec","article_published_time":"2025-10-16T07:52:27+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/10\/Portada-Notas-SAP.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes, October 2025","datePublished":"2025-10-16T07:52:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/"},"wordCount":1436,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/10\/Portada-Notas-SAP.jpg","keywords":["SAP Notes"],"articleSection":["SAP Notes","SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/","url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/","name":"SAP Security Notes, October 2025 - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/10\/Portada-Notas-SAP.jpg","datePublished":"2025-10-16T07:52:27+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"All updates to SAP systems notes from october 2025, to stay current and improve the security levels of your SAP systems.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/10\/Portada-Notas-SAP.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/10\/Portada-Notas-SAP.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-october-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes, October 2025"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=13651"}],"version-history":[{"count":1,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13651\/revisions"}],"predecessor-version":[{"id":13655,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13651\/revisions\/13655"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/13653"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=13651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=13651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=13651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}