SAP Urges Immediate Action: Critical Security Updates for S/4HANA, Business One, and Landscape Transformation
SAP has released crucial security updates addressing multiple vulnerabilities in its enterprise software suite. The updates include fixes for critical code injection and broken authorization issues, affecting SAP S/4HANA, SAP Business One, and SAP Landscape Transformation.
Among the patched vulnerabilities are CVE-2025-27429 and CVE-2025-42957, both critical code injection flaws in SAP S/4HANA. Additionally, CVE-2025-42951, a high-severity broken authorization vulnerability, was fixed in SAP Business One. Furthermore, SAP Landscape Transformation's CVE-2025-42950, another critical code injection vulnerability, has been addressed.
SAP issued 15 new security notes and 4 updates for previously released patches in August 2025. In total, the company fixed 26 flaws, with 4 being critical. Experts advise organizations using affected SAP systems to promptly apply the official security patches and implement recommended best practices to mitigate risks.
Organizations are urged to prioritize the application of these security patches to protect their systems from potential exploits. Regular security assessments, monitoring, access control tightening, and system hardening are also recommended to maintain a robust security posture.
