Wednesday , February 12 2025
Security Patch

SAP Security Patch February 2025: Multi Vulns Addressed

infosecbulletin 12 hours ago Alert, Vulnerabilities

SAP has issued new security patches for 19 vulnerabilities and updated 2 previous Security Notes. This Patch Day features fixes for various issues, including a high-risk authorization flaw in SAP BusinessObjects Business Intelligence.

The critical vulnerability (CVE-2025-0064, CVSS 8.7) enables an attacker with admin rights to impersonate any user in the SAP BusinessObjects Business Intelligence platform, risking sensitive data and system integrity. SAP advises customers to prioritize patching this issue to safeguard their systems.

Microsoft 2025 February Patch Tuesday fixes 2 zero-days, 55 flaws

By infosecbulletin / Wednesday , February 12 2025
Microsoft's February 2025 Patch Tuesday includes security updates for 55 vulnerabilities, including four zero-days, two of which are currently being...
Read More
Microsoft 2025 February Patch Tuesday fixes 2 zero-days, 55 flaws

Patch Now
SonicWall firewall vuln allows hackers to hijack VPN sessions

By infosecbulletin / Wednesday , February 12 2025
Bishop Fox security researchers have released detailed information on the CVE-2024-53704 vulnerability, which lets attackers bypass authentication in some versions...
Read More
Patch Now SonicWall firewall vuln allows hackers to hijack VPN sessions

SAP Security Patch February 2025: Multi Vulns Addressed

By infosecbulletin / Tuesday , February 11 2025
SAP has issued new security patches for 19 vulnerabilities and updated 2 previous Security Notes. This Patch Day features fixes...
Read More
SAP Security Patch February 2025: Multi Vulns Addressed

TRACKING RANSOMWARE
Akira Topped January 2025 as the Most Active Ransomware Threat

By infosecbulletin / Tuesday , February 11 2025
In January 2025, there were 510 global ransomware incidents, with Akira as the leading group and new ones like MORPHEUS...
Read More
TRACKING RANSOMWARE Akira Topped January 2025 as the Most Active Ransomware Threat

FinStealer Malware Targets Indian Bank’s Mobile Users, Stealing Credentials

By infosecbulletin / Tuesday , February 11 2025
CYFIRMA analysis reveals a sophisticated malware campaign that exploits a major Indian bank's brand through fake mobile apps. These apps,...
Read More
FinStealer Malware Targets Indian Bank’s Mobile Users, Stealing Credentials

CVE-2024-52875
Over 12,000 Firewall Vulnerable to 1-Click RCE Exploit

By infosecbulletin / Tuesday , February 11 2025
Over 1,200 firewall instances are vulnerable to a critical remote code execution issue, known as CVE-2024-52875. The vulnerability is found...
Read More
CVE-2024-52875 Over 12,000 Firewall Vulnerable to 1-Click RCE Exploit

CVE-2025-24200
Apple releases update of zero-day vuln exploited in the Wild

By infosecbulletin / Tuesday , February 11 2025
Apple has issued emergency security updates to fix a zero-day vulnerability, CVE-2025-24200, which is being exploited in targeted attacks on...
Read More
CVE-2025-24200 Apple releases update of zero-day vuln exploited in the Wild

Zimbra Releases Updates for SQL Injection, XSS, and SSRF Vulns

By infosecbulletin / Monday , February 10 2025
Zimbra has released updates for its Collaboration software to fix critical security flaws that could lead to information disclosure if...
Read More
Zimbra Releases Updates for SQL Injection, XSS, and SSRF Vulns

CVE-2025-23369
SAML Bypass Auth on GitHub Enterprise Servers to Login

By infosecbulletin / Monday , February 10 2025
A serious security vulnerability, CVE-2025-23369, has been found in GitHub Enterprise Server (GHES) that lets attackers bypass SAML authentication and...
Read More
CVE-2025-23369 SAML Bypass Auth on GitHub Enterprise Servers to Login

India to launch new domain name for banks to combat digital fraud

By infosecbulletin / Saturday , February 8 2025
India's central bank to launch a special “.bank.in” domain for banks in April 2025 to fight digital payment fraud and...
Read More
India to launch new domain name for banks to combat digital fraud

Other high-severity vulnerabilities addressed in this Patch Day include:

Path Traversal Vulnerability in SAP Supplier Relationship Management (CVE-2025-25243, CVSS 8.6): This flaw lets an unauthorized user access and download sensitive files.

Authentication Bypass in SAP Approuter (CVE-2025-24876, CVSS 8.1): This vulnerability allows attackers to steal user sessions and access applications without authorization.

SAP Enterprise Project Connection has several vulnerabilities (CVE-2024-38819, CVE-2024-38820, CVE-2024-38828) that could let attackers access project data and disrupt operations. SAP also updated two previous Security Notes to enhance protection against potential attacks.

SAP advises customers to review and promptly apply the latest Security Notes and patches. Prioritizing critical vulnerability patching is essential to reduce exploitation risks. Customers should also subscribe to the Security Notification Service for timely alerts on new vulnerabilities and patches.

Akira Topped January 2025 as the Most Active Ransomware Threat

Check Also

zero-day

CVE-2025-24200
Apple releases update of zero-day vuln exploited in the Wild

Apple has issued emergency security updates to fix a zero-day vulnerability, CVE-2025-24200, which is being …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin