Date: 2025-09-22

The National Computer Emergency Response Team (CERT) has issued a high-severity security advisory warning organizations of serious vulnerabilities in SAP systems, including S/4HANA, Business One, and NetWeaver. The flaws, some rated as high as 9.9 on the CVSS scale, could allow attackers to completely compromise systems used by banks, telecom operators, and government institutions.

Critical SAP Exploits: Vulnerabilities Could Enable Full System Takeover

According to the advisory, the flaws expose critical business systems to remote code execution and unauthorized access. Attackers could inject malicious code into SAP systems even with low-level credentials, potentially gaining full control.

The risks include:

Theft of sensitive financial and operational data

Installation of ransomware or spyware

Disruption of essential business services

Long-term compromise of enterprise networks

The CERT stressed that if left unpatched, these vulnerabilities could lead to complete system takeover and severe data loss, making them among the most critical security threats in recent months.

The advisory strongly recommends that organizations immediately install SAP’s September 2025 security updates to mitigate the risks. Systems exposed to the internet without the latest patches are considered high-value targets for cybercriminals.

For organizations unable to apply patches right away, CERT advised:

Restricting access to trusted internal networks only

Enforcing strict security controls and the principle of least privilege

Deploying web firewall rules and enabling log monitoring

Testing backup systems to ensure data recovery in case of attack

Updating incident response plans to include potential SAP exploit scenarios

Growing Concerns for Critical Infrastructure

SAP systems are widely deployed across industries, powering core financial operations, supply chain management, and enterprise workflows. Their prevalence in banks, government departments, and telecom companies makes them prime targets for cyberattacks.

“Timely patching is the most effective defense against these exploits,” the advisory noted, warning that any delays could result in business disruption at scale.

Cybersecurity experts say the latest flaws underline the urgent need for enterprises to prioritize patch management and tighten access controls, especially in systems directly linked to financial and citizen services.

As attackers increasingly target enterprise software, the spotlight is on organizations running SAP to act quickly. With vulnerabilities severe enough to allow full system compromise, the coming weeks will be critical for banks, government agencies, and service providers that rely heavily on SAP platforms.

