SAP Security Newsletter - Sep 2025
Blog Highlight
DIVD and SecurityBridge Join Forces: Scanning the Internet for Vulnerable SAP Systems (CVE-2025-31324)
Joint Mission: SecurityBridge and the Dutch Institute for Vulnerability Disclosure (DIVD) collaborated to detect and reduce exposure to CVE-2025-31324, notifying stakeholders before attackers could exploit it.
The Vulnerability: CVE-2025-31324 is a critical RCE flaw (CVSS 10.0) in SAP NetWeaver’s Visual Composer Metadata Uploader, allowing unauthenticated attackers to fully compromise systems.
Scan Results: DIVD scans identified 133 vulnerable systems in June; by July, exposure dropped to 103 thanks to coordinated notifications and remediation.
Why It Matters: Successful attacks could disrupt supply chains and financial operations. This initiative reinforces SecurityBridge’s commitment to early warning, actionable threat intelligence, and global collaboration with ethical hackers and public-private partners.
Next Steps for SAP Administrators: Apply SAP Note 3594142 (fix) or 3593336 (workaround). Test endpoint exposure at: https://[server]/developmentserver/metadatauploader (HTTP 200 = vulnerable).
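The exposure check above can be scripted against your own inventory. This is an added example (not SecurityBridge's or DIVD's tooling); it assumes the probe path from the note and, as the newsletter states, treats only an HTTP 200 as "exposed", while other responses are labelled so they can be reviewed rather than silently counted as safe:

```python
import urllib.request
import urllib.error
from typing import Callable, Dict, Iterable, Optional

# Path named in the newsletter for the Visual Composer Metadata Uploader.
PROBE_PATH = "/developmentserver/metadatauploader"


def classify_status(status: Optional[int]) -> str:
    """Map the probe's HTTP status to an exposure verdict.
    Only HTTP 200 means the uploader answered unauthenticated (exposed).
    Other codes are reported separately so an admin can confirm them."""
    if status is None:
        return "unreachable"          # no HTTP answer at all (timeout, DNS, TLS)
    if status == 200:
        return "exposed"              # patch/workaround not applied
    if status in (401, 403):
        return "auth-required"        # access restricted, likely workaround
    if status == 404:
        return "not-deployed"         # component absent or removed
    return f"unexpected-{status}"


def http_status(url: str, timeout: float = 5.0) -> Optional[int]:
    """Real fetcher: return the status code, or None if no HTTP reply."""
    req = urllib.request.Request(url, headers={"User-Agent": "exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code               # 4xx/5xx replies still carry a status
    except (urllib.error.URLError, OSError):
        return None


def check_hosts(hosts: Iterable[str],
                fetch: Callable[[str], Optional[int]] = http_status) -> Dict[str, str]:
    """Probe each host's uploader path and return host -> verdict.
    `fetch` is injectable so the logic can run offline in tests."""
    return {h: classify_status(fetch(f"https://{h}{PROBE_PATH}")) for h in hosts}


if __name__ == "__main__":
    # Constructed offline demo: a fake fetcher standing in for live hosts.
    demo = {f"https://sap-a.example{PROBE_PATH}": 200,
            f"https://sap-b.example{PROBE_PATH}": 404}
    for host, verdict in check_hosts(["sap-a.example", "sap-b.example",
                                      "sap-c.example"], fetch=demo.get).items():
        print(f"{host}: {verdict}")
```

Run it with `fetch=http_status` (the default) against hosts you administer; a `200` verdict means SAP Note 3594142 or 3593336 still needs to be applied.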
Moving Forward: This operation shows the impact of proactive collaboration. SecurityBridge thanks DIVD for their tireless scanning and responsible disclosure.
Press Coverage
SecurityBridge Discovers Critical SAP S/4HANA Vulnerability — CVE-2025-42957
Discovery — SecurityBridge Threat Research Labs identified CVE-2025-42957, a critical ABAP code injection flaw in SAP S/4HANA.
High Severity — CVSS 9.9; impacts all S/4HANA releases (on-premise & private cloud). Exploitation enables full system compromise.
Low Privileges, Full Control — Even basic users can manipulate records, create superusers, steal password hashes, and alter core processes.
Active Exploitation — Already abused in the wild; patch reverse-engineering is straightforward.
Fast Patch Delivery — Reported June 27, 2025 → SAP patch in August (Notes 3627998, 3633838).
Mitigation
- Apply August 2025 patch immediately.
- Restrict S_DMIS (activity 02) & review RFC modules.
- Monitor for suspicious RFC calls, ABAP changes, or unauthorized admin creation.
- Harden with segmentation, backups, and SAP monitoring.
SecurityBridge Protection
Our platform includes detection patterns and virtual patching for zero-day coverage — but SAP’s official patch remains essential.
SecurityBridge News
Announcement: SecurityBridge and beyond expectations GmbH have formed a new partnership to strengthen SAP security in Austria
We’re excited to announce that SecurityBridge has entered into a strategic partnership with Vienna-based beyond expectations GmbH, bringing our leading SAP security platform to more Austrian companies. With their deep expertise in SAP implementations, identity & access management, and cloud integrations, beyond expectations will now deliver SecurityBridge’s real-time threat detection, patch & vulnerability management, and compliance capabilities — enabling Austrian customers to better protect their SAP landscapes beyond the standard toolkit.
Upcoming Events & Webinar
Secure Together on the Road: Copenhagen 2025
🗓️ Tue, Sep 30, 2025
🕛 15:30 - 20:00
📍 Copenhagen, Denmark
Secure Together on the Road: Singapore 2025
🗓️ Thu, Oct 2, 2025
📍 Fullerton Hotel, Singapore
From CyberSafe to SecurityBridge
🗓️ Thu, Oct 9, 2025
🕛 14:30 - 15:20 CEST
📍 Online
SAPinsider EMEA: Copenhagen 2025
🗓️ Wed - Fri, Oct 1 - 3, 2025
📍 Tivoli Hotel & Congress Center
🤝 Booth no. 105
VNSG Themadag Security: 2025
🗓️ Tue, Oct 7, 2025
🕛 09:00 - 18:00
📍 Bunnik, the Netherlands
It-sa Expo&Congress
🗓️ Tue - Thu, Oct 7 - 9, 2025
📍 NürnbergMesse GmbH, Nürnberg
🤝 Hall 8, Booth 303
Past Events & Webinars
Secure Together on Air | Revolutionizing SAP Security: Cutting compliance time by 60%
Join SecurityBridge, Microsoft, and Accenture to explore how integrated, real-time SAP security is cutting costs, simplifying compliance, and closing the gap between SAP and enterprise IT.
Discover SecurityBridge
A CISO-driven holistic approach to SAP Security in Healthcare
Safeguarding sensitive healthcare data requires more than just compliance - it demands a proactive, risk-based approach. In our latest case study, discover how QIAGEN, a global leader with 5,700 employees serving over half a million customers worldwide, transformed its SAP security posture during a major S/4HANA migration. The results were immediate: rapid zero-day vulnerability response, accelerated patch cycles, and a measurable increase in SAP security maturity across the organization.
Closing the Gaps in RISE with SAP: The SecurityBridge Advantage
In this white paper, you will explore the RISE with SAP security framework, dive into customer responsibilities, and find out how security solutions like SecurityBridge can enhance your security posture — starting with a tailored roadmap for a secure RISE migration.
Sales Director Western Europe @SecurityBridge | World's fastest growing SAP Security Platform
Please follow SecurityBridge on LinkedIn and subscribe to our newsletter to stay informed on SAP Security.