ZReport – SAP Weekly Market Insights & Contract Leads

🚀TL;DR - This Week in SAP

👋 Hey Zreaders, here’s the week in a flash:

• A critical S/4HANA flaw (CVE-2025-42957) is being exploited in the wild.

• SAP released 21 new Security Notes plus updates.

• SmartRecruiters acquisition completed: SAP expands talent-acquisition capabilities and interoperability with SuccessFactors.

• PwC → SAP Cloud ERP: major PwC global ERP go-live highlights large-scale Cloud ERP consolidation.

🧑‍💻 Developer updates: SAP Developer News (Sep 11) covers CAP updates, BTP focus, and toolchain items builders should track.

📈SAP Market Pulse

Security, compliance, and enterprise cloud adoption set the agenda this week.

What it means for SAP pros:

• Basis & Security Teams → treat CVE-2025-42957 as urgent: patch affected S/4HANA versions, monitor RFC traffic, and check for unexpected admin users or ABAP changes.
  

• Cloud Architects → the Patch Day and the PwC case both set momentum for Cloud ERP and secure deployment models — expect more client questions on multi-tenant vs private cloud risk and compliance.
  

📌 Featured Insight

Security + Cloud: Two Sides of SAP’s Future

• S/4HANA Alert — CVE-2025-42957: a high-severity ABAP code-injection flaw (CVSS 9.9) has verified exploitation activity. Attackers can achieve code execution and admin-user creation if systems remain unpatched. 

•  Patch Day & NetWeaver HotNews: September’s notes include critical NetWeaver AS Java deserialization and RMI-P4 fixes (example: Note #3634501). Prioritize HotNews and High items for rapid remediation

🎯 Consultant's Corner

Actionables for consultants this week:

1. Apply September Security Notes and the specific S/4HANA fixes.

2. Monitor RFC calls, ABAP change logs, and S_DEVIS / S_DMIS/SAP_ALL related activities.

3. Treat the RMI-P4/insecure-deserialization items as HotNews

4. Validate exposure, isolate AS Java instances where possible, and schedule emergency fixes for public-facing services.

💼Contract & Job Leads

Ready for a move? Check out these SAP jobs that stand out this week:

🛠️ Tools We Love

• 🔒 SAP Security Notes: September 2025 (Patch Day). 

• ⚠️ SecurityBridge advisory: CVE-2025-42957 analysis & indicators.

• 🔍 Onapsis Patch Day analysis: (NetWeaver HotNews & notes).

🧠 Career Hack of the Week

Add “SAP Security Patching & Incident Response” or similar as a highlighted skill on LinkedIn. Recruiters are actively searching for professionals who combine Basis/Security know-how with cloud migration experience.

♟️ ZThought

“In SAP, resilience is measured by patch speed and innovation pace — those who master both win.”

📝Editor’s Note

This week is a reminder that patch speed and cloud strategy must work together. Security incidents demand immediate baseline hygiene — but large customer wins and acquisitions show how SAP’s cloud + AI story is accelerating demand for integration and advisory work.

Thanks for reading ZReport. Know someone in SAP security, HCM, or cloud ERP projects? Forward this.
Hiring SAP folks?

Or browse 500+ curated jobs at ShinyGigs.com

Modernize your marketing with AdQuick

AdQuick unlocks the benefits of Out Of Home (OOH) advertising in a way no one else has. Approaching the problem with eyes to performance, created for marketers with the engineering excellence you’ve come to expect for the internet.

Marketers agree OOH is one of the best ways for building brand awareness, reaching new customers, and reinforcing your brand message. It’s just been difficult to scale. But with AdQuick, you can easily plan, deploy and measure campaigns just as easily as digital ads, making them a no-brainer to add to your team’s toolbox.

Learn more now.