SAP released 20 security notes on April 2025 patch day, including three addressing critical code injection and authentication bypass flaws.
April 8, 2025 By Ionut Arghire
SAP on Tuesday announced the release of 18 new and two updated security notes as part of its April 2025 Security Patch Day, including three notes addressing critical-severity vulnerabilities.
The first two critical flaws, tracked as CVE-2025-27429 and CVE-2025-31330 (CVSS score of 9.9) are code injection bugs in S/4HANA (Private Cloud) and Landscape Transformation (Analysis Platform).
According to enterprise software security firm Onapsis, however, the CVEs refer to the same security defect and SAP’s patches for them disable the same remote-enabled function module in both products.
