SAP security advisory – December 2025 monthly rollup (AV25-818)

Serial number: AV25-818
Date: December 9, 2025

On December 9, 2025, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

  • SAP Solution Manager – version ST 720
  • SAP Commerce Cloud – versions HY_COM 2205, COM_CLOUD 2211 and COM_CLOUD 2211-JDK21
  • SAP jConnect - SDK for ASE – versions SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 and 16.1
  • SAP Web Dispatcher and Internet Communication Manager (ICM) – versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 and 9.16
  • SAP NetWeaver (remote service for Xcelsius) – versions BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50 and BIWEBAPP 7.50
  • SAP Business Objects – versions ENTERPRISE 430, 2025 and 2027
  • SAP Web Dispatcher, Internet Communication Manager and SAP Content Server – versions KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53 and 7.54
  • SAP S/4 HANA Private Cloud (Financials General Ledger) – versions S4CORE 104, 105, 106, 107, 108 and 109
  • SAP NetWeaver Internet Communication Framework – versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 and SAP_BASIS 758
  • Application Server ABAP – versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16 and 9.17
  • SAP NetWeaver Enterprise Portal – version EP-RUNTIME 7.50
  • SAPUI5 framework (Markdown-it component) – versions SAP_UI 755, 756, 757 and 758
  • SAP Enterprise Search for ABAP – versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 and SAP_BASIS 816
  • SAP BusinessObjects Business Intelligence Platform – versions ENTERPRISE 430, 2025 and 2027

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations, and apply the necessary updates.

Date modified: