Patch Tuesday: September 2025 (Expel’s version)

This Patch Tuesday report (Sept 9, 2025) reviews 86 new CVEs (13 critical) and calls out urgent flaws to prioritize, with particular emphasis on SAP S/4HANA CVE-2025-42957 (code injection, CVSS 9.9) — reported in the wild and enabling full system takeover via the RFC interface — and NetWeaver CVE-2025-42944 (CVSS 10). The post recommends immediate patching and reducing public exposure of vulnerable administrative/RFC interfaces.