SAP has patched high-severity vulnerabilities in its Commerce and NetWeaver enterprise software packages.
The updates came as part of 25 security patches released on Tuesday for the latest edition of SAP’s monthly patch release cycle.
SAP Security Note #3563927 addresses a critical vulnerability in transaction SA38 SAP NetWeaver Application Server ABAP. If successfully exploited, the vulnerability (tracked as CVE-2025-26661) grants access to Class Builder functions that ought to be restricted to the ABAP Development Workbench.
The vulnerability scores 8.8 on the CVSS scale, well toward the critical end of the spectrum.
SAP NetWeaver Application Server ABAP (AS ABAP) is a middleware component in SAP’s software stack that acts as a foundation for many SAP applications. The technology ties together user interaction and desktop component integration (presentation layer), ABAP application servers and message servers (application layer), and databases.
Read More from This Article: SAP patches severe vulnerabilities in NetWeaver and Commerce apps
Source: News