SAP Fixes Second Zero-Day Used in Server Attacks

SAP has issued security patches to fix a second zero-day vulnerability that was actively exploited in recent cyberattacks targeting its NetWeaver application servers. The flaw, which had not been previously disclosed, allowed attackers to compromise systems before a fix was made available, highlighting the urgency of the update. This marks the second such vulnerability in a short span, raising concerns about the security posture of SAP’s widely used enterprise platform.

The company urged customers to apply the patches immediately to mitigate potential risks. NetWeaver, a core component of SAP’s software landscape, is widely deployed in corporate environments, making it a valuable target for threat actors. The exploitation of zero-day flaws in this platform may put sensitive enterprise data at risk.

SAP’s swift response underscores the growing pressure on software vendors to address vulnerabilities before attackers can take advantage. The firm did not disclose additional technical details about the flaw to prevent further misuse.