SAP Security Alert: Critical Patches for November 2025

SAP’s November 2025 security update includes critical patches for code execution, code injection, and insecure deserialization vulnerabilities. Key systems affected are SAP SQL Anywhere, SAP Solution Manager, and SAP NetWeaver AS Java. Administrators should prioritize the application of these patches to mitigate significant security risks.

The November 2025 SAP Security Notes address several severe vulnerabilities requiring immediate attention. Two “hot news” notes highlight critical risks: note 3666261 for a code execution flaw in SAP SQL Anywhere and note 3668705 for a code injection vulnerability in SAP Solution Manager. Another critical issue, an insecure deserialization vulnerability in SAP NetWeaver AS Java, was updated via note 3660659. A high-risk memory corruption vulnerability in the widely used CommonCryptoLib also received a patch under note 3633049, which could otherwise lead to a denial of service. These updates require administrators to review and apply corrections to prevent potential system compromise, data breaches, or service interruptions across various SAP landscapes.

Key Takeaways for November 2025

  • A critical code execution vulnerability in SAP SQL Anywhere is patched by note 3666261.
  • A code injection flaw in SAP Solution Manager is addressed by hot news note 3668705.
  • SAP NetWeaver AS Java has a critical deserialization vulnerability fix updated in note 3660659.
  • A high-risk memory corruption bug in CommonCryptoLib is fixed in note 3633049.
  • Administrators should upgrade CommonCryptoLib to version 8.5.60 or higher.

Summary of November 2025 SAP Security Notes

SAP Note | Vulnerability Type | Affected System(s) | Recommended Action
3666261 | Critical Code Execution | SAP SQL Anywhere | Remove SQL Anywhere Monitor and switch to SQL Anywhere Cockpit.
3668705 | Critical Code Injection | SAP Solution Manager | Apply correction to sanitize input entry.
3660659 | Critical Insecure Deserialization | SAP NetWeaver AS Java | Apply prerequisite note 3670067 and review hardening suggestions.
3633049 | High-Risk Memory Corruption | CommonCryptoLib (used in NetWeaver AS ABAP, SAP HANA) | Upgrade CommonCryptoLib to version 8.5.60 or higher and update impacted components.

What is the vulnerability in SAP SQL Anywhere?

Hot news note 3666261 patches a critical code execution vulnerability. The correction involves removing the outdated SQL Anywhere Monitor. SAP recommends that administrators transition to using the SQL Anywhere Cockpit for all database administration tasks to secure their environment.

How is SAP Solution Manager affected?

A code injection vulnerability in SAP Solution Manager is addressed by hot news note 3668705. The vulnerability stems from a failure to validate input in a remote-enabled function module. The provided correction sanitizes the input, which includes rejecting certain non-alphanumeric characters to prevent malicious code from being executed.
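The pattern behind that correction is input validation at the boundary of a remote-enabled function module: reject any parameter value that does not match what the module legitimately expects before it is used anywhere. The following is an added illustration in Python, not SAP's correction and not ABAP from note 3668705. The exact character set SAP rejects is not stated on the page, so the allowlist below (letters, digits, underscore, at most 30 characters) and the parameter names (IV_OBJECT, IV_USER) are assumptions made for the example.

```python
import re

# Allowlist for a single value handed to a remote-enabled function module.
# ASSUMPTION: the page only says "certain non-alphanumeric characters" are
# rejected; this pattern (letters, digits, underscore, 1-30 chars) is ours.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_]{1,30}$")


def is_safe_rfc_value(value) -> bool:
    """Return True only if value is a string matching the allowlist."""
    return isinstance(value, str) and SAFE_VALUE.fullmatch(value) is not None


def validate_rfc_parameters(params: dict) -> list:
    """Check every parameter of a call.

    Returns the names of parameters that fail validation, in call order.
    An empty list means the call may proceed; anything else should be
    rejected outright rather than 'cleaned up' and passed on.
    """
    return [name for name, value in params.items() if not is_safe_rfc_value(value)]


# Constructed sample calls; parameter names are hypothetical, not from SAP.
SAMPLE_CALLS = {
    "ok": {"IV_OBJECT": "ZREPORT_01", "IV_USER": "BATCHUSER"},
    "quote": {"IV_OBJECT": "ZREPORT'01", "IV_USER": "BATCHUSER"},
    "period_and_space": {"IV_OBJECT": "ZREPORT.01", "IV_USER": "BATCH USER"},
    "too_long": {"IV_OBJECT": "A" * 31, "IV_USER": "BATCHUSER"},
}

if __name__ == "__main__":
    for label, params in SAMPLE_CALLS.items():
        bad = validate_rfc_parameters(params)
        print(f"{label}: {'accepted' if not bad else 'rejected ' + ', '.join(bad)}")
```

The example uses an allowlist (only known-good characters pass) rather than a denylist of specific characters; an allowlist is the form that stays correct when a new metacharacter turns out to matter. Failing parameters are reported by name so the rejection can be logged and alerted on, which is also a useful detection signal for probing against the module.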

What are the updates for SAP NetWeaver AS Java?

Note 3660659 was updated to address a critical insecure deserialization vulnerability. The corrections now require the implementation of a prerequisite note, 3670067, which increases the character limit for VM property configuration values. The note also includes new hardening suggestions for optional classes and packages.

What is the CommonCryptoLib vulnerability?

Note 3633049 patches a high-risk memory corruption vulnerability in the SAP Common Cryptographic Library (CCL). This library is essential for encryption and certificate validation in solutions like NetWeaver AS ABAP and SAP HANA. Attackers could exploit this flaw to cause a denial of service. The fix improves boundary checks to prevent buffer overflows, and installations should be upgraded to version 8.5.60 or higher. Note 3628110 provides further details on affected components.
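Because the remediation is a minimum library version, the practical check is a version comparison across every system that ships CommonCryptoLib. The script below is an added example, not a tool from SAP or from note 3633049; it assumes the installed version is available as a plain dotted string such as "8.5.60" (the constructed inventory and its system IDs are sample data). It compares numerically so that "8.5.9" is correctly treated as older than "8.5.60", a mistake string comparison would make.

```python
MIN_CCL_VERSION = (8, 5, 60)  # minimum version stated in note 3633049


def parse_version(text: str) -> tuple:
    """Parse a dotted version string such as '8.5.60' into an integer tuple.

    Raises ValueError for anything that is not dotted integers, so an
    unparseable value is surfaced instead of silently counted as patched.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def ccl_is_patched(version: str) -> bool:
    """True if the reported CommonCryptoLib version is 8.5.60 or higher.

    Tuple comparison is numeric per component; a shorter tuple such as
    (8, 5) compares lower than (8, 5, 60), which is the conservative result.
    """
    return parse_version(version) >= MIN_CCL_VERSION


# Constructed inventory (system ID -> reported CommonCryptoLib version).
# These are sample values, not real systems.
INVENTORY = {
    "PRD": "8.5.60",
    "QAS": "8.5.59",
    "DEV": "8.5.9",
    "HDB": "8.5.100",
}


def systems_needing_upgrade(inventory: dict) -> list:
    """Return the sorted system IDs whose CommonCryptoLib is below 8.5.60."""
    return sorted(sid for sid, ver in inventory.items() if not ccl_is_patched(ver))


if __name__ == "__main__":
    for sid in systems_needing_upgrade(INVENTORY):
        print(f"{sid}: CommonCryptoLib {INVENTORY[sid]} is below 8.5.60, upgrade required")
```

Feed it the version strings collected from each system (the collection step depends on the product and is not shown), and treat a ValueError as a finding in its own right: a version you cannot parse is a version you cannot vouch for.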

Frequently Asked Questions (FAQ)

What is the most critical SAP vulnerability for November 2025?
The November notes include two “hot news” items: note 3666261 for a critical code execution flaw in SAP SQL Anywhere and note 3668705 for a code injection issue in SAP Solution Manager. Both represent a significant risk and should be patched immediately.

What is SAP CommonCryptoLib (CCL)?
The SAP Common Cryptographic Library (CCL) is a core component that provides encryption, digital certificate validation, and other cryptographic functions for many SAP solutions, including NetWeaver AS ABAP and SAP HANA.

What is the recommended action for the CommonCryptoLib vulnerability?
Administrators should upgrade their CommonCryptoLib installations to version 8.5.60 or higher and update any SAP components that include the library, as detailed in note 3633049.
