{"id":13804,"date":"2025-12-18T10:54:43","date_gmt":"2025-12-18T08:54:43","guid":{"rendered":"https:\/\/www.inprosec.com\/?p=13804"},"modified":"2025-12-18T10:54:43","modified_gmt":"2025-12-18T08:54:43","slug":"sap-security-notes-december-2025","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/","title":{"rendered":"SAP Security Notes, December 2025"},"content":{"rendered":"<p><strong>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems.<\/strong><\/p>\n\n<div>\n<h2><\/h2>\n<h2>December 2025 Notes<\/h2>\n<h3>Summary and Highlights of the Month<\/h3>\n<div>\n<div class=\"elementToProof\">\n<p>This month, the total number was 14 notes, 6 fewer than in the previous month. This month we had 3 Hot News, the same number as in the previous period. Regarding high-criticality notes, there are 5, a considerable increase compared to the previous period, since there was only one. 
Medium and low notes will not be reviewed, therefore <b>we will provide details for a total of 8 notes<\/b> (all those with a CVSS of <b>7<\/b> or higher). We have <b>a total of 14 notes<\/b> for the entire month (all 14 are new and there are no updates to notes published in previous months).<\/p>\n<p>We will review in detail a total of 8 notes, all of them high-criticality and Hot News:<\/p>\n<ol start=\"1\">\n<li>\n<div role=\"presentation\">The highest-criticality note of the month <b>(CVSS<\/b><b> <\/b><b>9.9<\/b><b>)<\/b> is a Hot News and is related to <b>&#8220;Code Injection vulnerability in SAP Solution Manager&#8221;.<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The next in terms of criticality <b>(CVSS<\/b><b> 9.6<\/b><b>)<\/b> is another Hot News, the second of the month, and is related to <b>&#8220;Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud&#8221;<\/b>.<\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The next in terms of criticality <b>(CVSS<\/b><b> 9.1<\/b><b>)<\/b> is the last Hot News of the month, and is related to <b>&#8220;Deserialization Vulnerability in SAP jConnect &#8211; SDK for ASE&#8221;<\/b>.<\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The next in terms of criticality <b>(CVSS<\/b><b> 8.2<\/b><b>)<\/b> is the first high-criticality note, and it is related to <b>&#8220;Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)&#8221;<\/b>.<\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The next in terms of criticality <b>(CVSS<\/b><b> 7.9<\/b><b>)<\/b> is the second high-criticality note, and it is related to <b>&#8220;Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)&#8221;<\/b>.<\/div>\n<\/li>\n<li>\n<div role=\"presentation\">The next in terms of criticality <b>(CVSS<\/b><b> 7.5<\/b><b>)<\/b> consists of 2 high-criticality notes, and they are related to <b>&#8220;Denial of service (DOS) in SAP Business Objects&#8221;<\/b> and <b>&#8220;Memory 
Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server&#8221;<\/b>.<\/div>\n<\/li>\n<li>\n<div class=\"elementToProof\" role=\"presentation\">The next in terms of criticality <b>(CVSS<\/b><b> 7.1<\/b><b>)<\/b> is the last high-criticality note we will analyze this month, and it is related to <b>&#8220;Missing Authorization Check in SAP S\/4 HANA Private Cloud (Financials General Ledger)&#8221;<\/b>.<\/div>\n<\/li>\n<li>\n<div class=\"elementToProof\" role=\"presentation\">This month, despite the significant decrease in the number of notes (one of the months with the lowest number of notes of the year), 57% of them have a criticality of 7 or higher, so they are quite relevant.<\/div>\n<\/li>\n<li>\n<div role=\"presentation\">This month, the most predominant type has been <b>&#8220;Denial of service (DOS)&#8221; (3\/20 on patch day)<\/b>.<\/div>\n<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>In the chart we can see the <b><u>classification of the December notes<\/u><\/b>, as well as the evolution and classification of the previous 5 months (only notes from Sec. 
Tuesday \/ Patch Day \u2013 by SAP):<\/p>\n<\/div>\n<\/div>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-13806\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025.jpg\" alt=\"\" width=\"801\" height=\"421\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025.jpg 1200w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025-300x158.jpg 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025-1024x538.jpg 1024w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025-600x315.jpg 600w\" sizes=\"(max-width: 801px) 100vw, 801px\" \/><\/p>\n<h3>Full details<\/h3>\n<p>The <strong>complete detail of the most relevant notes<\/strong> is as follows:<\/p>\n<ol start=\"1\">\n<li>\n<div role=\"presentation\"><b>Code Injection vulnerability in SAP Solution Manager<\/b>\u00a0<b><u>(<\/u><\/b><b><a id=\"OWA63d06771-0347-7c89-e799-964203ed4259\" class=\"x_OWAAutoLink\" href=\"https:\/\/me.sap.com\/notes\/3685270\" data-auth=\"NotApplicable\">3685270<\/a><\/b><b><u>)<\/u>:<\/b>\u00a0SAP Solution Manager is affected by a command injection vulnerability\u00a0caused by missing input sanitization in a remote-enabled function module, allowing an authenticated attacker to inject malicious code and potentially gain full system control, resulting in high impact on confidentiality, integrity, and availability. The issue is resolved by introducing input sanitization that rejects most non-alphanumeric characters, and customers should apply the referenced Correction Instructions or Support Packages. 
No workaround is available<b>.<\/b><b>\u00a0CVSS v3\u00a0Base Score <\/b><b>9.9<\/b><b>\/ 10 <\/b><b>[<a id=\"OWA03ffd7cc-329e-009a-cc1f-488287212112\" class=\"x_OWAAutoLink\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-42880\" data-auth=\"NotApplicable\">CVE-2025-42880<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\"><b>Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud <\/b><b><u>(<\/u><\/b><b><a id=\"OWAbcbeef14-7256-248b-16c8-be381875a875\" class=\"x_OWAAutoLink\" href=\"https:\/\/me.sap.com\/notes\/3683579\" data-auth=\"NotApplicable\">3683579<\/a><\/b><b><u>)<\/u>:<\/b>\u00a0SAP Commerce Cloud is exposed to two Apache Tomcat vulnerabilities\u2014console manipulation via crafted URLs and relative path traversal \u2014 due to shipping with affected Tomcat versions. If the prerequisites described in the CVEs are met, an attacker could compromise confidentiality, integrity, and availability. SAP resolves the issue by upgrading Tomcat to secure versions included in Patch Release 2205.45, Update Release 2211.47, and Update Release 2211-jdk21.5. Customers must download the updated releases from the SAP Support Portal, rebuild, and redeploy their environments following the respective Public Cloud or On-Premise deployment guidelines. No workaround is available. 
<b>CVSS v3\u00a0Base Score <\/b><b>9.6<\/b><b>\/ 10 <\/b> <b>[<a id=\"OWAa1027e8a-2e42-d948-aeb5-2e5e0a38cd5d\" class=\"x_OWAAutoLink\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-55754\" data-auth=\"NotApplicable\">CVE-2025-55754<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div class=\"elementToProof\" role=\"presentation\"><b>Deserialization Vulnerability in SAP jConnect &#8211; SDK for ASE<\/b><b>\u00a0(<\/b><b><a id=\"OWAacd5d5e4-e1cd-b4c6-24c5-3c2a0c71c661\" class=\"x_OWAAutoLink\" href=\"https:\/\/me.sap.com\/notes\/3685286\" data-auth=\"NotApplicable\">3685286<\/a><\/b><b>): <\/b>SAP jConnect contains a deserialization vulnerability that, under specific conditions, allows a high-privileged user to achieve remote code execution\u00a0by supplying specially crafted input. This results in a high impact on confidentiality, integrity, and availability. The issue stems from accepting unsupported or arbitrary user-controlled input without proper validation. SAP resolves the vulnerability by disabling serialization and deserialization of the affected input values within the jConnect JDBC driver and by restricting allowable values for the relevant connection property, thereby preventing RCE. Customers must upgrade to one of the corrected versions: SDK for SAP ASE 16.0 SP04 PL08\u00a0or SDK for SAP ASE 16.1 SP00 PL01 HF1. 
No workaround is available.<b>\u00a0CVSS v3\u00a0Base Score <\/b><b>9.1<\/b><b>\/ 10 <\/b><b>[<a id=\"OWAb8ecfa2e-b5be-f2df-c34f-d3e7d80acafa\" class=\"x_OWAAutoLink\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-42928\" data-auth=\"NotApplicable\">CVE-2025-42928<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\"><b>Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)<\/b><b>\u00a0(<\/b><b><a id=\"OWA6a141002-fe71-3a6d-0615-dabce852b49d\" class=\"x_OWAAutoLink\" title=\"https:\/\/me.sap.com\/notes\/3684682\" href=\"https:\/\/me.sap.com\/notes\/3684682\" data-auth=\"NotApplicable\">3684682<\/a><\/b><b>): <\/b>SAP Web Dispatcher and ICM may expose internal testing interfaces through the icm\/HTTP\/icm_test_&lt;x&gt;\u00a0parameter, which is not intended for production use. If explicitly enabled, unauthenticated attackers could access internal diagnostics, send crafted requests, or disrupt services, resulting in high impact on confidentiality and availability and low impact on integrity. The vulnerability\u00a0affects standalone Web Dispatcher installations, the Web Dispatcher in SAP HANA XSC\/XSA, and ICM in SAP NetWeaver AS ABAP and Java. The fix requires manually removing all icm\/HTTP\/icm_test_&lt;x&gt;\u00a0parameters from DEFAULT and instance profiles (e.g., icm\/HTTP\/icm_test_0, icm\/HTTP\/icm_test_1, etc.) and then restarting the Web Dispatcher or application server. 
No workaround is available beyond applying the prescribed manual correction.<b>\u00a0CVSS v3\u00a0Base Score <\/b><b>8.2<\/b><b>\/ 10 <\/b><b>[<a id=\"OWAdf574a27-746c-ef58-3ab0-d7e9da8bab70\" class=\"x_OWAAutoLink\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-42878\" data-auth=\"NotApplicable\">CVE-2025-42878<\/a>]<\/b><\/div>\n<\/li>\n<li>\n<div role=\"presentation\"><b>Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)<\/b><b>\u00a0(<\/b><b><a id=\"OWA73aa28e4-30ed-190f-3aeb-bca624c57d5f\" class=\"x_OWAAutoLink\" href=\"https:\/\/me.sap.com\/notes\/3640185\" data-auth=\"NotApplicable\">3640185<\/a><\/b><b>): <\/b>SAP NetWeaver\u2019s remote service for Xcelsius contains a vulnerability\u00a0that allows an attacker with network access and high privileges to execute arbitrary code due to insufficient input validation and improper handling of remote method calls. No user interaction is required. Successful exploitation can cause service disruption or unauthorized system control, resulting in high impact on integrity and availability, with no confidentiality impact. The fix removes the Xcelsius remote service entirely. Customers must apply the relevant Support Package or BI Java patch for SAP NetWeaver BI 7.50, as detailed in SAP Note 3539090 and associated delivery notes. Xcelsius itself is end-of-life, and this security note formally discontinues its remote service. 
A temporary workaround is available through manual steps provided in the note, but SAP strongly recommends applying the official corrections since the workaround is not a permanent solution.<b>\u00a0CVSS v3\u00a0Base Score <\/b><b>7.9<\/b><b>\/ 10 [<a id=\"OWA5dce1b2e-644c-9ad9-e00e-cf66eb8204b3\" class=\"x_OWAAutoLink\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-42874\" data-auth=\"NotApplicable\">CVE-2025-42874<\/a>]<\/b><\/div>\n<div>\n<div role=\"presentation\"><b>\u00a0<\/b><\/div>\n<\/div>\n<\/li>\n<li>\n<div role=\"presentation\"><b>Denial of service (DOS) in SAP Business Objects<\/b><b>\u00a0(<\/b><b><a id=\"OWAba8c8ca6-21fa-7242-d4fe-d375f3351d6c\" class=\"x_OWAAutoLink\" href=\"https:\/\/me.sap.com\/notes\/3650226\" data-auth=\"NotApplicable\">3650226<\/a><\/b><b>): <\/b>SAP Business Objects is vulnerable to denial-of-service attacks\u00a0due to improper request handling and insufficient resource management. An unauthenticated attacker can overload the service, causing long response delays or complete interruption, with no impact on confidentiality or integrity but a high impact on availability. The issue originates from third-party components that do not adequately restrict or manage incoming requests. The fix updates these components to secure, non-vulnerable versions that enforce stronger resource controls. 
Customers should apply the patches referenced in the \u201cSupport Packages &amp; Patches\u201d section of the security note and consult Knowledge Base Article 2144559 for the BI Platform maintenance strategy.<b>\u00a0CVSS v3\u00a0Base Score <\/b><b>7.5<\/b><b>\/\u00a010 [<a id=\"OWA7ee36018-4cac-8f00-aee1-c5482bb07bde\" class=\"x_OWAAutoLink\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-48976\" data-auth=\"NotApplicable\">CVE-2025-48976<\/a>]<\/b><\/div>\n<div>\n<div role=\"presentation\"><b>\u00a0<\/b><\/div>\n<\/div>\n<\/li>\n<li>\n<div role=\"presentation\"><b>Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server<\/b><b>\u00a0(<\/b><b><a id=\"OWA917f8bd4-1e21-2b16-f1cf-cebb601dec87\" class=\"x_OWAAutoLink\" href=\"https:\/\/me.sap.com\/notes\/3677544\" data-auth=\"NotApplicable\">3677544<\/a><\/b><b>): <\/b>SAP Web Dispatcher, ICM, and SAP Content Server contain a memory corruption vulnerability\u00a0caused by logical errors in internal memory handling. An unauthenticated attacker can exploit these flaws to trigger buffer overflows, heap corruption, and related issues, resulting in a high impact on system availability, though confidentiality and integrity remain unaffected. The issue affects ICM in SAP NetWeaver ABAP and Java, SAP Web Dispatcher in XSA versions below 1.4.0, and specific SAP Content Server releases listed in the note. The fix corrects the faulty memory logic and is delivered through updated kernel and component patches. Standalone and embedded Web Dispatchers, ICM, and Content Server must be patched using the appropriate kernel archives (SAPWEBDISP.SAR, dw.sar, SAPEXE.SAR, SAPEXEDB.SAR, SAPCS.SAR), following SAP\u2019s kernel update guidance and relevant notes. XSA systems must be upgraded to version 1.4.0 or later. As a consistent rule, only the latest kernel or Content Server patch level should be applied. 
No workaround exists.<b>\u00a0CVSS v3\u00a0Base Score <\/b><b>7.5<\/b><b>\/ 10 [<a id=\"OWA4cbc8f57-e14c-497b-6f5d-a15b85f29179\" class=\"x_OWAAutoLink\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-42877\" data-auth=\"NotApplicable\">CVE-2025-42877<\/a>]<\/b><\/div>\n<div>\n<div role=\"presentation\"><b>\u00a0<\/b><\/div>\n<\/div>\n<\/li>\n<li>\n<div role=\"presentation\"><b>Missing Authorization Check in SAP S\/4 HANA Private Cloud (Financials General Ledger)<\/b><b>\u00a0(<\/b><b><a id=\"OWA99b01116-27fc-bdd5-842c-815016dba71b\" class=\"x_OWAAutoLink\" href=\"https:\/\/me.sap.com\/notes\/3672151\" data-auth=\"NotApplicable\">3672151<\/a><\/b><b>): <\/b>This vulnerability in SAP S\/4HANA Private Cloud (Financials General Ledger) results from a programming error introduced in ECS logic, causing missing authorization checks. An authenticated attacker restricted to a single company code could improperly read sensitive data or create and modify documents across all\u00a0company codes, posing a high confidentiality\u00a0and low integrity\u00a0impact, with no effect on availability. The fix enforces correct authorization validation, and customers should apply the referenced correction instructions or support packages to fully remediate the issue. 
A temporary workaround is available via functional SAP Note 3673002, but SAP strongly recommends implementing the permanent corrections as soon as possible.<b>\u00a0CVSS v3\u00a0Base Score <\/b><b>7.1<\/b><b>\/ 10 [<a id=\"OWA443c9963-abba-1ff1-a554-bcf8bff943d1\" class=\"x_OWAAutoLink\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-42876\" data-auth=\"NotApplicable\">CVE-2025-42876<\/a>]<\/b><\/div>\n<\/li>\n<\/ol>\n<h3 style=\"font-weight: 400;\"><strong>Reference links<\/strong><\/h3>\n<p>Other references, from SAP and Onapsis (December):<\/p>\n<p><b><a id=\"anchor-47788763-6fa0-5ff4-c6de-72281bd22873\" class=\"OWAAutoLink\" title=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/december-2025.html\" href=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/december-2025.html\">SAP Security Patch Day &#8211; December 2025<\/a><\/b><\/p>\n<p><b><a id=\"anchor-694e62b3-63b8-7445-dfa4-d2d9a331ad8d\" class=\"OWAAutoLink\" title=\"https:\/\/onapsis.com\/blog\/sap-security-patch-day-december-2025\/\" href=\"https:\/\/onapsis.com\/blog\/sap-security-patch-day-december-2025\/\">SAP Patch Day: December 2025 &#8211; Onapsis<\/a><\/b><\/p>\n<p>&nbsp;<\/p>\n<p><strong style=\"color: #014888; font-family: inherit; font-size: 1.6rem; letter-spacing: 0em;\"><u>Resources affected<\/u><\/strong><\/p>\n<div class=\"w-post-elm post_content\">\n<p>The full list of affected systems\/components is as follows:<\/p>\n<div role=\"presentation\">\n<ul>\n<li><b>SAP Solution Manager\u00a0\u2013<\/b> ST 720<\/li>\n<li><b>SAP Commerce Cloud\u00a0\u2013 <\/b>HY_COM 2205, COM_CLOUD 2211, COM_CLOUD 2211-JDK21<\/li>\n<li><b>SAP jConnect \u2013 SDK for ASE\u00a0\u2013 <\/b>SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4, 16.1<\/li>\n<li><b>SAP Web Dispatcher and Internet Communication Manager (ICM)\u00a0\u2013<\/b> KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, WEBDISP 7.22_EXT, 7.53, 7.54, 
XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16<\/li>\n<li><b>SAP NetWeaver (remote service for Xcelsius)\u00a0\u2013 <\/b>BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50, BIWEBAPP 7.50<\/li>\n<li><b>SAP Business Objects\u00a0\u2013 <\/b>ENTERPRISE 430, 2025, 2027<\/li>\n<li><b>SAP Web Dispatcher, Internet Communication Manager and SAP Content Server\u00a0\u2013<\/b> KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53, 7.54<\/li>\n<li><b>SAP S\/4 HANA Private Cloud (Financials General Ledger)\u00a0\u2013<\/b> S4CORE 104, 105, 106, 107, 108, 109<\/li>\n<li><b>SAP NetWeaver Internet Communication Framework\u00a0\u2013 <\/b>SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758<\/li>\n<li><b>Application Server ABAP\u00a0\u2013<\/b> KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.17<\/li>\n<li><b>SAP NetWeaver Enterprise Portal\u00a0\u2013 <\/b>EP-RUNTIME 7.50<\/li>\n<li><b>SAPUI5 framework (Markdown-it component)\u00a0\u2013<\/b> SAP_UI 755, 756, 757, 758<\/li>\n<li><b>SAP Enterprise Search for ABAP\u00a0\u2013 <\/b>SAP_BASIS 752, 753, 754, 755, 756, 757, 758, 816<\/li>\n<li><b>SAP BusinessObjects Business Intelligence Platform\u00a0\u2013 <\/b>ENTERPRISE 430, 2025, 2027<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Inprosec through its services, such as the SAP Security Assessment, helps its customers to improve the security levels of their SAP systems. December 2025 Notes Summary and Highlights of the Month This month, the total number was 14 notes, 6 fewer than in the previous month. 
This month we had 3 Hot News, the same&#8230;<\/p>\n","protected":false},"author":6,"featured_media":13806,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[95,61],"tags":[150],"class_list":["post-13804","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-notes","category-sap-security-en-2","tag-sap-notes"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Security Notes, December 2025 - Inprosec<\/title>\n<meta name=\"description\" content=\"All updates to SAP systems notes from december 2025, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes, December 2025\" \/>\n<meta property=\"og:description\" content=\"All updates to SAP systems notes from december 2025, to stay current and improve the security levels of your SAP systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-18T08:54:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta 
property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"SAP Security Notes, December 2025\",\"datePublished\":\"2025-12-18T08:54:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/\"},\"wordCount\":1646,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/notas-sap-diciembre-2025.jpg\",\"keywords\":[\"SAP Notes\"],\"articleSection\":[\"SAP Notes\",\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/\",\"name\":\"SAP Security Notes, December 2025 - 
Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/notas-sap-diciembre-2025.jpg\",\"datePublished\":\"2025-12-18T08:54:43+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"All updates to SAP systems notes from december 2025, to stay current and improve the security levels of your SAP systems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/notas-sap-diciembre-2025.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/notas-sap-diciembre-2025.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/sap-security-notes-december-2025\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes, December 
2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"SAP Security Notes, December 2025 - Inprosec","description":"All updates to SAP systems notes from december 2025, to stay current and improve the security levels of your SAP systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes, December 2025","og_description":"All updates to SAP systems notes from december 2025, to stay current and improve the security levels of your SAP systems.","og_url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/","og_site_name":"Inprosec","article_published_time":"2025-12-18T08:54:43+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. 
reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"SAP Security Notes, December 2025","datePublished":"2025-12-18T08:54:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/"},"wordCount":1646,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025.jpg","keywords":["SAP Notes"],"articleSection":["SAP Notes","SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/","url":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/","name":"SAP Security Notes, December 2025 - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025.jpg","datePublished":"2025-12-18T08:54:43+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"All updates to SAP systems notes from december 2025, to stay current and improve the security levels of your SAP 
systems.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/12\/notas-sap-diciembre-2025.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/sap-security-notes-december-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes, December 2025"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando 
Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=13804"}],"version-history":[{"count":2,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13804\/revisions"}],"predecessor-version":[{"id":13809,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13804\/revisions\/13809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/13806"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=13804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=13804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=13804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}