SecurityBridge - Experts & Thought Leaders
Latest SecurityBridge news & announcements
SecurityBridge, creator of the Cybersecurity Command Center for SAP, announced that the SecurityBridge Threat Research Labs uncovered a critical SAP vulnerability rated a 9.9 out of 10 severity, and gave its customers advance notice on October 30, 2025, to update detection signatures before the vulnerability was publicly disclosed. In total, the Threat Research Labs uncovered three vulnerabilities that were among the 25 new and updated SAP Security Notes SAP published for its November Patch Day.

Contained in the SAP Patch Day alert, the HotNews note 3668705 – [CVE-2025-42887] Code Injection vulnerability in SAP Solution Manager describes how a remote-enabled function module can be misused to inject malicious code, resulting in complete system control.

Public patch

A public patch for this vulnerability has been released, which might speed up reverse-engineering and exploit development, so patching soon is advised.

In addition to the highest priority category discovered, the Threat Research Labs found the following two vulnerabilities, also released within the SAP Patch Day notes:

Medium priority: note 3643337 – [CVE-2025-42882] Missing Authorization check in SAP NetWeaver Application Server for ABAP 4.3
Low priority: note 3634053 – [CVE-2025-42883] Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)

Code-injection vulnerability

"When we discover a vulnerability that scores a 9.9 out of 10 priority rating, we know we're looking at a threat that could give attackers complete system control," said Joris van de Vis, Director of Security Research, SecurityBridge. "CVE-2025-42887 is particularly dangerous because it allows code to be injected from a low-privileged user, which leads to a full SAP compromise and all data contained in the SAP system."

"This code-injection vulnerability in SAP Solution Manager represents exactly the kind of critical attack surface weakness that our Threat Research Labs work tirelessly to identify and eliminate. SAP systems are the backbone of business operations, and vulnerabilities like this remind us why proactive security research is non-negotiable."

Uncovering the most critical SAP vulnerabilities

The SecurityBridge Threat Research Labs has a history of uncovering the most critical SAP vulnerabilities:

In September 2025, the company discovered a Critical SAP S/4HANA code injection vulnerability (CVE-2025-42957), rated 9.9 out of 10 in severity.

In August 2025, the team discovered three vulnerabilities, two of which were rated 9.9 out of 10 in severity:

[CVE-2025-42950] Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)
[CVE-2025-42957] Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
[CVE-2025-42946] Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)

The company has updated the SecurityBridge Platform to ensure customers are insulated from known vulnerabilities. SecurityBridge's Patch Management offers invaluable insights into existing patching gaps within SAP landscapes, a complete list of today's new vulnerabilities, and an overview.

SecurityBridge, creator of the Cybersecurity Command Center for SAP, announced Secure Together New York 2025, an in-person SAP security event on November 12, 2025, at the Accenture Office, One Manhattan West, New York. SecurityBridge's expertise in SAP cybersecurity has been featured by top-tier media outlets, including Forbes, TechRadar, and The Hacker News.

The company will join forces with partners Accenture, Bowbridge, Fortinet, NextLabs, and Saviynt to deliver a full day of expert sessions exploring the future of SAP security. These sessions will cover AI-powered segregation of duties (SoD) controls, quantum-resistant strategies, and defense mechanisms against modern ransomware and file-based exploits.

Next generation of enterprise security

"Secure Together New York 2025 brings the SAP community face-to-face with the pioneers shaping the next generation of enterprise security," said Bill Oliver, U.S. Managing Director, SecurityBridge, adding "From quantum-ready controls to zero trust transformation, attendees will gain actionable insights they can apply immediately within their organizations."

Secure digital cloud transformation

Attendees will gain practical insights into SAP Business Technology Platform (BTP) security, zero-trust data segregation, and secure digital cloud transformation, as well as an early look at SAP's GRC 2026 roadmap and new Fiori-first security usability enhancements. Designed for security and compliance professionals, the program combines innovation, practicality, and real-world use cases to help enterprises strengthen their SAP security posture with confidence.

Why attend

Expert Sessions from global SAP security leaders on AI, quantum security, and ransomware defense.
Real-World Use Cases highlighting zero-trust data segregation and SAP cloud security transformations.
Peer Networking with industry leaders and partners shaping SAP security in North America.
Forward-Looking Insights into SAP's GRC roadmap and AI-driven identity governance.

Attendance is free, and the one-day format minimizes disruption to work schedules while delivering maximum value for SAP security teams.

SecurityBridge, creator of the Cybersecurity Command Center for SAP, announced that Bill Oliver, Managing Director for the Americas, and Tim Alsop, Product Architect and Managing Director for the U.K., will present at ASUG Tech Connect 2025 on strategies for securing SAP environments.

Their session, "Securing the Digital Core: SAP Cybersecurity Strategies," will highlight the SecurityBridge Platform and the newly integrated TrustBroker technology, demonstrating how these solutions work together to protect SAP environments against emerging cyber threats. The session will take place on Nov. 6 from 3:15 to 4:05 p.m. ET in room L014.

Integrating cybersecurity into SAP governance

ASUG Tech Connect, held Nov. 4–6 in Louisville, brings together developers, architects, administrators, and engineers across the SAP ecosystem for technical education focused on cybersecurity, cloud adoption, automation, and artificial intelligence.

The SecurityBridge presentation aligns with the technical education focus by detailing the use of context- and risk-based multi-factor authentication (MFA) and step-up authentication via TrustBroker, along with security monitoring, vulnerability management, and incident response practices. In addition, the speakers will discuss integrating cybersecurity into SAP governance frameworks to help ensure organizations can safeguard their digital core while advancing modernization initiatives.

Digital backbone for critical business operations

"Organizations depend on SAP as the digital backbone for critical business operations, so protecting that core is essential," said Bill Oliver, adding "With the move to S/4HANA and hybrid cloud, companies need unified visibility and intelligent authentication that strengthens security without slowing business."

He continues, "By combining the SecurityBridge platform with TrustBroker, we enable customers to detect threats earlier, validate access based on context and risk, and secure their SAP environments end-to-end. Our mission is to help SAP users stay resilient and compliant as their threat landscape continues to expand."

ASUG has more than 130,000 members representing thousands of organizations. Attendees can visit SecurityBridge at booth No. 404 for private consultations and technical discussions.