SecurityBridge Research Labs Update - Q1 2025
Introduction
The SecurityBridge Research Lab focuses on advancing SAP security through continuous research and innovation. SecurityBridge has integrated SAP security research into its operations, aiming to enhance security, identify vulnerabilities, and contribute to SAP ecosystem safety. The lab publishes findings, collaborates with external experts, supports product development, and contributes to open source projects.
Our lab is dedicated to vulnerability detection, fortifying internal security, and employee skill development, with a research strategy based on ethical compliance, strong strategic partnerships, and continuous training to ensure we deliver the most cutting-edge SAP security solutions.
SAP Security Findings
In the first quarter of 2025, a total of 5 vulnerabilities discovered by the SecurityBridge Research Labs were patched by SAP. Acknowledgements and Credits were provided for the following SAP Security notes:
A breakdown of the severity, the number of days it took SAP to provide a fix, and the CVSS score is provided below:
As we respect a grace period of 3 months to allow customers to implement the patches, specific details about the vulnerabilities found cannot be shared yet. However, for some of the patches listed above, SecurityBridge has shipped product updates that detect execution of the vulnerable ABAP programs.
How We Discover Vulnerabilities
All vulnerabilities were discovered by indexing and analyzing large amounts of ABAP code with custom-built, specialized tooling. This process includes testing for practical exploitability and making sure no false positives are reported.
What is the risk?
4 out of the 5 vulnerabilities found allow transactions to be executed without a specific authorization check. This might lead to situations where unauthorized data is accessed.

The SQL injection vulnerability is specific to customers using an Informix database, which is quite rare. Yet these customers run the risk of an SQL injection that might lead to a full system compromise in which all SAP data is acquired.
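As an added illustration of the kind of static analysis described under "How We Discover Vulnerabilities", applied to the two vulnerability classes named in this section, here is a small Python scanner that is not SecurityBridge's tooling and not SAP code: it flags FORM routines that dispatch a transaction without an evaluated AUTHORITY-CHECK, and dynamic WHERE clauses built without cl_abap_dyn_prg escaping. The ABAP sample is constructed, the regular expressions are a deliberately narrow, hypothetical simplification, and the finding names are my own.

```python
import re

# Constructed ABAP sample (not SAP or SecurityBridge code): four FORM routines.
SAMPLE_ABAP = """
FORM run_unchecked.
  CALL TRANSACTION 'SE16' AND SKIP FIRST SCREEN.
ENDFORM.
FORM run_checked.
  AUTHORITY-CHECK OBJECT 'S_TCODE' ID 'TCD' FIELD 'SE16'.
  IF sy-subrc <> 0.
    MESSAGE e001(00) WITH 'Not authorized'.
  ENDIF.
  CALL TRANSACTION 'SE16' AND SKIP FIRST SCREEN.
ENDFORM.
FORM run_unevaluated.
  AUTHORITY-CHECK OBJECT 'S_TCODE' ID 'TCD' FIELD 'SE16'.
  CALL TRANSACTION 'SE16' AND SKIP FIRST SCREEN.
ENDFORM.
FORM query_dynamic USING iv_name TYPE string.
  DATA(lv_where) = |NAME = '{ iv_name }'|.
  SELECT * FROM ztable WHERE (lv_where) INTO TABLE @DATA(lt_rows).
ENDFORM.
"""
# Hypothetical, deliberately narrow patterns: FORM units only, two dispatch statements,
# dynamic WHERE clauses, and the cl_abap_dyn_prg escaping class.
UNIT_RE = re.compile(r"^\s*FORM\s+(\w+)\b(.*?)^\s*ENDFORM\.", re.S | re.M | re.I)
CALL_RE = re.compile(r"^\s*(CALL TRANSACTION|SUBMIT)\b", re.M | re.I)
AUTH_RE = re.compile(r"^\s*AUTHORITY-CHECK\b", re.M | re.I)
SUBRC_RE = re.compile(r"\bsy-subrc\b", re.I)
DYN_WHERE_RE = re.compile(r"\bWHERE\s*\(\s*\w+\s*\)", re.I)
ESCAPE_RE = re.compile(r"\bcl_abap_dyn_prg=>", re.I)

def strip_comments(src: str) -> str:
    """Drop '*' full-line comments and '"' inline comments before matching."""
    kept = [l for l in src.splitlines() if not l.startswith("*")]
    return "\n".join(l.split('"', 1)[0] for l in kept)

def scan_abap(src: str) -> list[tuple[str, str]]:
    """Return (form_name, finding_kind) pairs for each suspicious FORM."""
    findings = []
    for m in UNIT_RE.finditer(strip_comments(src)):
        name, body = m.group(1).lower(), m.group(2)
        call = CALL_RE.search(body)
        auth = AUTH_RE.search(body, 0, call.start()) if call else None
        if call and auth is None:
            findings.append((name, "call-without-authority-check"))
        elif call and not SUBRC_RE.search(body, auth.end(), call.start()):
            findings.append((name, "authority-check-result-ignored"))
        if DYN_WHERE_RE.search(body) and not ESCAPE_RE.search(body):
            findings.append((name, "dynamic-where-without-escaping"))
    return findings
```

Real tooling must also cover FUNCTION, METHOD and dialog modules and confirm each finding by exploitation testing, as the section above notes, since a pattern match alone produces false positives.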
How to protect yourself
For customers to stay protected against these 5 vulnerabilities, and others, it is imperative to apply the patches as soon as possible and consider proper testing. The SecurityBridge Research Labs is tightly integrated with product development, leading to continuous updates, e.g., in the area of the SecurityBridge Patch Management module.
About SecurityBridge
SecurityBridge is the leading provider of a comprehensive, SAP-native cybersecurity platform, trusted by organizations worldwide to safeguard their most critical business systems. Our platform seamlessly integrates real-time threat monitoring, vulnerability management, and compliance capabilities directly into the SAP environment, empowering organizations to protect their data’s integrity, confidentiality, and availability with minimal manual effort. With a proven track record, including a stellar customer success rating and over 5,000 SAP systems secured globally, SecurityBridge stands out for its ability to accurately provide a 360° view of the SAP security posture, ease of use, rapid implementation, and transparent licensing. We are committed to innovation, transparency, and customer-centricity, ensuring businesses can confidently navigate the evolving landscape of SAP security threats.
