Published On: Dec 14, 2025 20:53
Advisory No: TZCERT-SA-25-0129
Source: SAP
Software Affected: SAP Solution Manager, SAP Commerce Cloud, SAP jConnect - SDK for ASE
Multiple SAP products are affected by critical vulnerabilities. Exploitation of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary code.
SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect - SDK for ASE are affected by the vulnerabilities tracked as CVE-2025-42880, CVE-2025-55754, and CVE-2025-42928, with CVSS scores of 9.9, 9.6, and 9.1 respectively. The affected products are vulnerable due to missing input sanitization, improper neutralization of escape sequences, and a deserialization weakness. Successful exploitation of these vulnerabilities may result in an authentication bypass and code execution.
Successful exploitation of these vulnerabilities may allow attackers to take control of the affected system.
SAP has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.