Summary
As part of its February Security Patch Day, SAP has released security updates that address several vulnerabilities, including 4 rated “high” severity.
Risk
Vulnerability impact estimate on the reference community: High (65.0)
Type
- Privilege Escalation
- Information Disclosure
- Security Restrictions Bypass
Affected products and versions
SAP
- BusinessObjects Business Intelligence platform (Central Management Console), version ENTERPRISE 430, 2025
- Supplier Relationship Management (Master Data Management Catalog), version SRM_MDM_CAT 7.52
- Approuter Node.js package, from version 2.6.1 to 16.7.1
- HANA extended application services, advanced model (User Account and Authentication Services), version SAP_EXTENDED_APP_SERVICES 1
Mitigation actions
In line with the vendor’s statements, it is recommended to update the vulnerable products by following the instructions in the security bulletin listed in the References section.
The following are only the CVEs related to the vulnerabilities with “high” severity:
References
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html
1 This estimate takes several parameters into account, including: CVSS, the availability of patches/workarounds and PoC, and the diffusion of the affected software/devices in the reference community.