223
CVEs
26
Critical
38
High
2
KEV
1
PoC
55
Unpatched C/H
10.8%
Patch Rate
0.6%
Avg EPSS
Severity Breakdown
CRITICAL
26
HIGH
38
MEDIUM
142
LOW
17
Monthly CVE Trend
Affected Products (30)
Java
18
Sap Basis
13
Deserialization
9
Open Redirect
8
Businessobjects Business Intelligence Platform
8
Command Injection
8
Windows
7
Supplier Relationship Management
7
Netweaver
5
Memory Corruption
5
Business Connector
5
Solution Tools Plug In
3
Commerce Cloud
2
Netweaver Application Server Abap
2
Docker
2
Industrial
2
PostgreSQL
2
Introscope Enterprise Manager
1
Netweaver As Abap Kernel
1
OpenSSL
1
Lt Replication Server
1
Netweaver As Abap Krnl64uc
1
S 4Hana Finance
1
Business Server Pages
1
Businessobjects Enterprise
1
Node.js
1
Gui Connector
1
Race Condition
1
Netweaver As Abap Krnl64nuc
1
Strategic Enterprise Management
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries for critical system compromise (CVSS 10.0). | CRITICAL | 10.0 | 32.2% | 132 |
KEV
No patch
|
| CVE-2025-42967 | SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application. | CRITICAL | 9.9 | 0.7% | 50 |
No patch
|
| CVE-2025-27429 | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 9.9 | 0.4% | 50 |
No patch
|
| CVE-2025-31330 | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 9.9 | 0.4% | 50 |
No patch
|
| CVE-2026-0501 | SAP S/4HANA General Ledger (Private Cloud and On-Premise) has SQL injection allowing authenticated users to read, modify, and delete backend database data with scope change (CVSS 9.9). Financial data is directly at risk. | CRITICAL | 9.9 | 0.1% | 50 |
No patch
|
| CVE-2026-0488 | Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. Authenticated attacker exploits generic function module call to execute unauthorized ABAP code. CVSS 9.9. | CRITICAL | 9.9 | 0.0% | 50 |
No patch
|
| CVE-2025-30016 | SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.5% | 49 |
No patch
|
| CVE-2026-0500 | SAP Wily Introscope Enterprise Manager uses a vulnerable third-party component that allows unauthenticated attackers to create malicious JNLP files at public URLs. Victims who click these URLs execute OS commands on their machines. Scope change. Patch available. | CRITICAL | 9.6 | 0.1% | 48 |
|
| CVE-2026-0509 | Unauthorized Remote Function Call execution in SAP NetWeaver ABAP. Low-privileged users can execute background RFCs without proper authorization checks. CVSS 9.6. | CRITICAL | 9.6 | 0.0% | 48 |
No patch
|
| CVE-2025-42963 | A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment. | CRITICAL | 9.1 | 0.2% | 46 |
No patch
|
| CVE-2025-42966 | SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application. | CRITICAL | 9.1 | 0.2% | 46 |
No patch
|
| CVE-2025-42964 | SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. | CRITICAL | 9.1 | 0.1% | 46 |
No patch
|
| CVE-2025-42980 | SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. | CRITICAL | 9.1 | 0.1% | 46 |
No patch
|
| CVE-2025-42958 | Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 9.1 | 0.1% | 46 |
No patch
|
| CVE-2026-0498 | SAP S/4HANA (Private Cloud and On-Premise) has the same backdoor vulnerability as CVE-2026-0491 – admin-exploitable ABAP/OS command injection via RFC function module. Patch available. | CRITICAL | 9.1 | 0.1% | 46 |
|