SAP customers are facing a rapidly intensifying security landscape in 2025, with both the volume and severity of vulnerabilities rising sharply compared to last year. According to a new analysis from SecurityBridge Research Labs, SAP has already released 207 security notes year-to-date, representing a 39% increase over the 149 notes published across all of 2024. More concerning, the distribution of those notes shows a marked shift toward higher-risk vulnerabilities affecting core SAP components. SecurityBridge, which positions itself as a leading contributor to SAP vulnerability research, reports that critical and high-severity issues are appearing more frequently and with greater potential business impact. Of the 2025 notes published so far, 25 are classified as Hot News with CVSS scores of 9.0 or higher, including five vulnerabilities rated at the maximum CVSS score of 10. An additional 35 notes fall into the high-priority range with CVSS scores between 7.5 and 8.9, many targeting foundational SAP technologies.

Critical Vulnerabilities Target Core SAP Systems

Among the most severe vulnerabilities disclosed in 2025 is SAP Security Note 3594142, a CVSS 10.0 Hot News issue affecting SAP NetWeaver Visual Composer. The vulnerability stems from a missing authorization check and enables remote, unauthenticated attackers to upload malicious files, potentially leading to full system compromise across confidentiality, integrity, and availability. Another high-impact issue is SAP Security Note 3668705, rated CVSS 9.9, which addresses a code injection vulnerability in SAP Solution Manager. Reported by SecurityBridge Research Labs, the flaw allows arbitrary code execution in environments that are often deeply integrated across SAP landscapes. Because Solution Manager frequently serves as a central administrative hub, exploitation could enable attackers to pivot laterally into multiple connected systems. SecurityBridge also highlighted SAP Security Note 3627998, a CVSS 8.8 vulnerability in SAP S/4HANA private cloud and on-premise deployments. The issue enables the injection of arbitrary ABAP code while bypassing key authorization checks, effectively functioning as a backdoor. Given S/4HANA’s status as SAP’s strategic digital core, vulnerabilities at this level have immediate implications for thousands of customers worldwide.

SecurityBridge’s Research Contributions

SecurityBridge reports that it has responsibly disclosed 16 vulnerabilities to SAP to date, all of which resulted in published SAP Security Notes. Three of those disclosures are among the high-risk vulnerabilities included in the 2025 patch cycle. The company says this collaboration underscores both the growing complexity of SAP security and the importance of coordinated vulnerability research between SAP and the security community.

What This Means for SAPinsiders

SAP security risk is increasing faster than patch cycles alone can absorb. Technology leaders should expect a sustained rise in critical SAP vulnerabilities and plan patching and testing processes accordingly. This shift will likely require tighter SLAs between security, Basis, and application teams to avoid exposure windows that extend beyond monthly patch cycles. Hot News vulnerabilities demand immediate operational response. Security and Basis teams will need tighter coordination to prioritize CVSS 9+ notes and assess cross-system blast radius, especially in integrated landscapes. Organizations that still rely on manual patch triage or quarterly remediation cycles may find themselves increasingly outpaced by the speed of disclosure and exploitation. Proactive monitoring is becoming essential. As SAP environments grow more interconnected and cloud-enabled, continuous vulnerability detection and exploitation monitoring will increasingly complement traditional monthly patching models. For SAP professionals, this means evaluating tools and processes that provide real-time visibility into configuration drift, missing notes, and active threat indicators across the entire SAP landscape.