
July 2025 SAP Patch Release: A Record-Breaking number of Patches and Critical Deserialization Vulnerabilities

Explore the significant disclosure of numerous patches and critical deserialization threats that SAP unveiled this month.


In the past months, the importance of effective SAP vulnerability management processes and technologies for large organizations has been underscored. This is particularly true following the discovery of a series of critical deserialization vulnerabilities that pose a significant threat to SAP systems.

Onapsis Research Labs, a leading cybersecurity firm specializing in SAP security, continues to monitor its Global Threat Intelligence Network for signs of active exploitation. Companies are strongly urged to prioritize patching the following critical deserialization vulnerabilities: SAP Security Note 3578900 (CVE-2025-30012), SAP Security Note 3620498 (CVE-2025-42980), SAP Security Note 3610892 (CVE-2025-42966), SAP Security Note 3621771 (CVE-2025-42963), and SAP Security Note 3621236 (CVE-2025-42964).

Prompt patching, threat monitoring, and continuous vigilance over critical SAP systems are essential to stay ahead of threat actors and reduce SAP cybersecurity risks. Exploiting any of these deserialization weaknesses bypasses typical SAP security controls such as task separation and other GRC controls, potentially leading to espionage, sabotage, fraud, or the installation of ransomware on critical SAP systems.

Onapsis Research Labs breaks down each Patch Tuesday to help SAP users understand the content of the monthly release and set implementation priorities. This month the focus is on the security notes that belong to a particularly dangerous class of vulnerabilities: Deserialization of Untrusted Data (CWE-502).

A large-scale campaign exploiting Deserialization of Untrusted Data vulnerabilities was observed from March to June 2025, specifically targeting CVE-2025-31324 and CVE-2025-42999 in SAP Visual Composer. In this class of flaw, attackers embed malicious content in serialized data so that the application executes unintended code or unauthorized actions while deserializing it, giving them full control over the target.

Onapsis Research Labs worked closely with the SAP Product Security Research Team (PSRT) in discovering, assessing, and remediating all these deserialization weaknesses. At the time of publishing, Onapsis Research Labs is not aware of any active exploits for the new deserialization vulnerabilities.

These vulnerabilities carry CVSS scores of 9.1 or 10.0, placing them in the critical severity range. In addition to CVE-2025-30012, SAP has addressed four more security vulnerabilities this month, all of them deserialization vulnerabilities with a critical CVSS score of 9.1.

It is worth noting that SAP SRM is an older solution that is being phased out in favor of SAP Ariba, so the number of potentially affected companies worldwide is small. However, CVE-2025-30012 is a deserialization vulnerability that can be exploited remotely over HTTP(S) without authentication, leading to immediate full compromise of a vulnerable system running an SAP Supplier Relationship Management (SRM) application.

Deserialization of Untrusted Data is a vulnerability that occurs when an application deserializes data it does not control without restricting what that data may instantiate or invoke. Because the deserialized stream itself dictates which types are created and which code runs during reconstruction, the usual SAP safeguards (authentication checks, input validation, and secure coding practices intended to prevent unsafe deserialization) can be bypassed. When such a flaw is combined with missing authentication on a critical SAP function or an insecure deserialization endpoint (e.g., in SAP NetWeaver RMI-P4), attackers can deliver a malicious payload and execute code with SAP administrator privileges.
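The following added example is not from the SAP notes or from Onapsis; it is a constructed illustration of the CWE-502 pattern described above using Python's pickle format, since the same principle applies to SAP's Java-based stacks: a loader that resolves every type name found in the stream will execute sender-chosen code during reconstruction, whereas a loader that allow-lists the expected types rejects the stream before anything runs. The `Order` and `Gadget` classes, the `side_effect` recorder (a harmless stand-in for a dangerous primitive), and all byte streams are constructed for this example.

```python
"""Deserialization of untrusted data (CWE-502) in miniature.

An unrestricted unpickler executes whatever callable the stream names; a
restricted unpickler only resolves an explicit allow-list of types.
"""
import io
import pickle

# Constructed stand-in for a dangerous primitive (process launch, file write, ...).
# It only records that it ran, so the example is safe to execute anywhere.
EXECUTED = []


def side_effect(marker):
    EXECUTED.append(marker)
    return marker


class Gadget:
    """Constructed 'gadget': its pickle instructs the loader to call side_effect."""

    def __reduce__(self):
        # The stream will say: "on load, call side_effect('gadget ran during load')".
        return (side_effect, ("gadget ran during load",))


class Order:
    """Legitimate business object the receiving service actually expects."""

    def __init__(self, order_id, amount):
        self.order_id = order_id
        self.amount = amount


def make_order_stream():
    # Constructed benign input: the type the service is designed to accept.
    return pickle.dumps(Order("4711", 250))


def make_gadget_stream():
    # Constructed attacker-controlled input: the sender picks the type names.
    return pickle.dumps(Gadget())


def unsafe_load(data):
    """Uncontrolled deserialization: trusts every type name in the stream."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: only the allow-listed (module, name) pairs resolve."""

    ALLOWED = {(Order.__module__, "Order")}

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"forbidden global {module}.{name}")
        return super().find_class(module, name)


def safe_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(loader, data):
    """Return ('ok', obj) or ('blocked', reason) for a given loader and stream."""
    try:
        return ("ok", loader(data))
    except pickle.UnpicklingError as exc:
        return ("blocked", str(exc))


def demo():
    """Run both loaders over both streams; report outcomes and whether the gadget ran."""
    EXECUTED.clear()
    results = {
        "unsafe_order": try_load(unsafe_load, make_order_stream())[0],
        "unsafe_gadget": try_load(unsafe_load, make_gadget_stream())[0],
        "gadget_ran_unsafe": len(EXECUTED),
    }
    EXECUTED.clear()
    results["safe_order"] = try_load(safe_load, make_order_stream())[0]
    results["safe_gadget"] = try_load(safe_load, make_gadget_stream())[0]
    results["gadget_ran_safe"] = len(EXECUTED)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to take from `demo()` is that the unrestricted loader reports success for the gadget stream and the side effect fires once, purely because the bytes named a callable; the restricted loader rejects the same stream before any object is built, while still accepting the legitimate `Order`. The same design applies to Java `ObjectInputStream` consumers behind SAP endpoints: the defence is to refuse types the endpoint does not expect, not to inspect the payload after it has been reconstructed.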

SAP published a record number of security patches this Patch Tuesday, double the average output of a regular month. Given the critical nature of these vulnerabilities, organizations should prioritize their patching efforts to mitigate the associated risks.
