Daily Security Review

SAP’s July 2025 Patch Day: Critical Flaws, CVE-2025-30012, and Ransomware Risk

08 Jul 2025

Audio

Description

In this episode, we break down SAP’s July 2025 Security Patch Day—a high-stakes moment for any enterprise relying on SAP’s core business applications. With 27 new and 4 updated security notes released, including seven rated as critical, this patch cycle directly targets some of the most serious vulnerabilities seen in SAP environments in recent memory.At the center of this month’s update is CVE-2025-30012, a critical unauthenticated command execution flaw in SAP Supplier Relationship Management (SRM). Initially classified as high priority, this vulnerability has now been escalated to critical status due to its severe impact. Also in the spotlight: a remote code execution bug in SAP S/4HANA and SCM (CVE-2025-42967), and four insecure deserialization vulnerabilities affecting SAP NetWeaver Java systems—longtime targets for threat actors and ransomware groups alike.While there are no confirmed in-the-wild exploits for these new issues, history tells us that such gaps don’t remain unexploited for long. Just earlier this year, vulnerabilities in SAP’s Visual Composer framework were actively exploited by ransomware operators like BianLian and RansomEXX. As threat actors grow more sophisticated and supply chain targets grow more lucrative, patch speed has never been more important.This episode covers:The vulnerabilities patched in SAP’s July advisory and their real-world riskWhy CVSS scoring matters—and how SAP determines what counts as "critical"The SAP vulnerability lifecycle, and how organizations can use structured frameworks for patch and incident managementKey lessons from past exploits, including zero-day activity targeting SAP systemsThe shared security model in cloud deployments like RISE with SAP—and what you’re responsible for vs. what SAP handlesWhy alert fatigue and delayed patching are existential threats in SAP environmentsHow to verify your patch level, interpret SAP Notes, and ensure you’re protectedWe also discuss how critical tools like SecurityBridge, NIST-aligned vulnerability workflows, and proactive community engagement can help mitigate threats and support SAP admins, DevSecOps teams, and CISOs navigating the growing complexity of ERP security.

Transcription

This episode hasn't been transcribed yet

Help us prioritize this episode for transcription by upvoting it.

0 upvotes

🗳️ Sign in to Upvote

Popular episodes get transcribed faster

Other recent transcribed episodes

Transcribed and ready to explore now

13:00H | 21 DIC 2025 | Fin de Semana

01 Jan 1970

Fin de Semana

10:00H | 21 DIC 2025 | Fin de Semana

01 Jan 1970

Fin de Semana

12:00H | 20 DIC 2025 | Fin de Semana

01 Jan 1970

Fin de Semana

2ª PARTE | 06 ENE 2026 | EL PARTIDAZO DE COPE

01 Jan 1970

El Partidazo de COPE

3ª PARTE | 22 ENE 2026 | EL PARTIDAZO DE COPE

01 Jan 1970

El Partidazo de COPE

3ª PARTE | 04 MAR 2026 | EL PARTIDAZO DE COPE

01 Jan 1970

El Partidazo de COPE

Comments

There are no comments yet.

Please log in to write the first comment.

Report any issue

Daily Security Review

SAP’s July 2025 Patch Day: Critical Flaws, CVE-2025-30012, and Ransomware Risk

This episode hasn't been transcribed yet

Other recent transcribed episodes

13:00H | 21 DIC 2025 | Fin de Semana

10:00H | 21 DIC 2025 | Fin de Semana

12:00H | 20 DIC 2025 | Fin de Semana

2ª PARTE | 06 ENE 2026 | EL PARTIDAZO DE COPE

3ª PARTE | 22 ENE 2026 | EL PARTIDAZO DE COPE

3ª PARTE | 04 MAR 2026 | EL PARTIDAZO DE COPE

Sign in to Audioscrape

Share this moment