| Metric | Value |
|---|---|
| CVEs | 161 |
| Critical | 21 |
| High | 25 |
| KEV | 2 |
| PoC | 1 |
| Unpatched C/H | 42 |
| Patch Rate | 8.7% |
| Avg EPSS | 0.7% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 21 |
| HIGH | 25 |
| MEDIUM | 102 |
| LOW | 13 |
Monthly CVE Trend
Affected Products (30)

| Product / Category | CVEs |
|---|---|
| Java | 18 |
| Sap Basis | 13 |
| Deserialization | 9 |
| Open Redirect | 8 |
| Businessobjects Business Intelligence Platform | 8 |
| Command Injection | 8 |
| Windows | 7 |
| Supplier Relationship Management | 7 |
| Netweaver | 5 |
| Memory Corruption | 5 |
| Business Connector | 5 |
| Solution Tools Plug In | 3 |
| Commerce Cloud | 2 |
| Netweaver Application Server Abap | 2 |
| Docker | 2 |
| Industrial | 2 |
| PostgreSQL | 2 |
| Introscope Enterprise Manager | 1 |
| Netweaver As Abap Kernel | 1 |
| OpenSSL | 1 |
| Lt Replication Server | 1 |
| Netweaver As Abap Krnl64uc | 1 |
| S 4Hana Finance | 1 |
| Business Server Pages | 1 |
| Businessobjects Enterprise | 1 |
| Node.js | 1 |
| Gui Connector | 1 |
| Race Condition | 1 |
| Netweaver As Abap Krnl64nuc | 1 |
| Strategic Enterprise Management | 1 |
Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries for critical system compromise (CVSS 10.0). | CRITICAL | 10.0 | 32.2% | 132 | KEV, No patch |
| CVE-2025-42967 | SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability. This allows an attacker with user-level privileges to create a new report with their own code, potentially gaining full control of the affected SAP system and causing high impact on confidentiality, integrity, and availability of the application. | CRITICAL | 9.9 | 0.7% | 50 | No patch |
| CVE-2026-0501 | SAP S/4HANA General Ledger (Private Cloud and On-Premise) has SQL injection allowing authenticated users to read, modify, and delete backend database data with scope change (CVSS 9.9). Financial data is directly at risk. | CRITICAL | 9.9 | 0.1% | 50 | No patch |
| CVE-2026-0488 | Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. An authenticated attacker exploits a generic function module call to execute unauthorized ABAP code. CVSS 9.9. | CRITICAL | 9.9 | 0.0% | 50 | No patch |
| CVE-2026-0500 | SAP Wily Introscope Enterprise Manager uses a vulnerable third-party component that allows unauthenticated attackers to create malicious JNLP files at public URLs. Victims who click these URLs execute OS commands on their machines. Scope change. Patch available. | CRITICAL | 9.6 | 0.1% | 48 | |
| CVE-2026-0509 | Unauthorized Remote Function Call execution in SAP NetWeaver ABAP. Low-privileged users can execute background RFCs without proper authorization checks. CVSS 9.6. | CRITICAL | 9.6 | 0.0% | 48 | No patch |
| CVE-2025-42963 | A critical vulnerability in the SAP NetWeaver Application Server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment. | CRITICAL | 9.1 | 0.2% | 46 | No patch |
| CVE-2025-42966 | SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application. | CRITICAL | 9.1 | 0.2% | 46 | No patch |
| CVE-2025-42964 | SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. | CRITICAL | 9.1 | 0.1% | 46 | No patch |
| CVE-2025-42980 | SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. | CRITICAL | 9.1 | 0.1% | 46 | No patch |
| CVE-2025-42958 | Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high-privileged unauthorized users to read, modify, or delete sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available. | CRITICAL | 9.1 | 0.1% | 46 | No patch |
| CVE-2026-0498 | SAP S/4HANA (Private Cloud and On-Premise) has the same backdoor vulnerability as CVE-2026-0491 – admin-exploitable ABAP/OS command injection via RFC function module. Patch available. | CRITICAL | 9.1 | 0.1% | 46 | |
| CVE-2026-0491 | SAP Landscape Transformation has an admin-exploitable backdoor via RFC function module that allows injection of arbitrary ABAP code and OS commands, bypassing authorization checks. Scope change enables full SAP system compromise. | CRITICAL | 9.1 | 0.1% | 46 | No patch |
| CVE-2026-27685 | SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files. | CRITICAL | 9.1 | 0.0% | 46 | No patch |
| CVE-2025-42982 | Privilege escalation vulnerability in SAP GRC that allows authenticated non-administrative users to access and initiate transactions capable of modifying system credentials. This critical flaw compromises confidentiality, integrity, and availability across the application, with a CVSS score of 8.8 indicating high severity. The vulnerability requires valid credentials to exploit but has no privilege requirements beyond basic user access, making it a significant risk in environments with broad GRC user bases. | HIGH | 8.8 | 0.1% | 44 | No patch |