InfoSecBulletin Cybersecurity for mankind
SAP has issued new security patches for 19 vulnerabilities and updated 2 previous Security Notes. This Patch Day features fixes for various issues, including a high-risk authorization flaw in SAP BusinessObjects Business Intelligence.
The critical vulnerability (CVE-2025-0064, CVSS 8.7) enables an attacker with admin rights to impersonate any user in the SAP BusinessObjects Business Intelligence platform, risking sensitive data and system integrity. SAP advises customers to prioritize patching this issue to safeguard their systems.
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
Other high-severity vulnerabilities addressed in this Patch Day include:
Path Traversal Vulnerability in SAP Supplier Relationship Management (CVE-2025-25243, CVSS 8.6): This flaw lets an unauthorized user access and download sensitive files.
Authentication Bypass in SAP Approuter (CVE-2025-24876, CVSS 8.1): This vulnerability allows attackers to steal user sessions and access applications without authorization.
SAP Enterprise Project Connection has several vulnerabilities (CVE-2024-38819, CVE-2024-38820, CVE-2024-38828) that could let attackers access project data and disrupt operations. SAP also updated two previous Security Notes to enhance protection against potential attacks.
SAP advises customers to review and promptly apply the latest Security Notes and patches. Prioritizing critical vulnerability patching is essential to reduce exploitation risks. Customers should also subscribe to the Security Notification Service for timely alerts on new vulnerabilities and patches.
Akira Topped January 2025 as the Most Active Ransomware Threat
