Innovating to Secure the Future of SAP: 2025 Year in Review

Key Takeaways from 2025: If 2024 brought SAP application security into the mainstream, 2025 was the year urgency transformed into concrete action. We saw customers accelerate their RISE with SAP journeys, modernize on SAP BTP, and grapple with the realities of shared responsibility in the cloud. At the same time, adversaries accelerated their pace, targeting and exploiting SAP systems faster and at greater scale than ever before.

At Onapsis, our mission remained clear: stay ahead. This past year, our team launched new innovations for cloud transformations, delivered critical threat intelligence in real-time, expanded SOC visibility, and led the SAP security community conversation.

As the only SAP cybersecurity and compliance solution endorsed by SAP, this is what “staying ahead” looked like across 2025:

First-Line, Real-Time Defense When Attackers Strike

Responding to Zero-Day SAP Threats

Early in the year, the Onapsis Research Labs (ORL) responded to observed reconnaissance activity associated with CVE-2025-31324, an SAP zero-day. This was an unprecedented zero-day with mass-scale exploitation, resulting in over 500 compromised organizations. By working closely with SAP, Mandiant, and global government agencies, we helped the entire SAP ecosystem identify indicators of compromise, publish detections, and guide defenders during active, in-the-wild exploitation.

While SAP responded promptly by releasing new security patches, several waves of attacks led to the compromise of hundreds of vulnerable SAP systems. These successful attacks led to full remote compromise of SAP applications, carrying significant operational, financial, regulatory, and reputational risk for affected organizations. In a most troubling example, it reportedly led to $1.2 billion in losses at a large UK manufacturer that had to shut down operations for over six weeks.

While we won a prestigious award for our contributions to the response to and remediation of this zero-day, the Inc. Best in Business Award for Innovation, our most important recognition was hearing from so many Onapsis customers: “thanks to you, we didn’t get breached by these attacks.” It highlights the need not only to take a proactive approach to SAP security, but also to be able to respond quickly when wide-reaching vulnerabilities arise. Based on threat actors’ increasing interest in compromising SAP systems, we expect this trend of large-scale exploitation to only increase.

If you want to gain a behind-the-scenes look at our great partnership and collaborative efforts with SAP to defend our joint customers during this unprecedented event, we will be hosting a webinar on February 5 jointly with SAP’s PSIRT team.

Unmatched Research: Proactively Discovering & Mitigating SAP Vulnerabilities

Continuing our tight collaboration with SAP throughout 2025, we discovered and mitigated a record number of SAP zero-day vulnerabilities that resulted in numerous SAP Security Notes. This included July’s surge of insecure deserialization issues and October’s multiple HotNews notes, several patched with Onapsis contributions. Our analysis helped customers prioritize remediation with precision. In fact, Onapsis Research Labs continues to be the most recognized team for finding and helping remediate SAP vulnerabilities. 2025 was no exception, with 65 vulnerabilities patched and over 50% of HotNews Notes originating from the Onapsis Research Labs team.

Market-Leading Innovation to Secure SAP Cloud Transformations 

New Security Capabilities for RISE with SAP 

In February, we introduced Control Central, purpose-built to help organizations running or moving to RISE with SAP lock down critical code with unmatched completeness and speed. We also formally introduced Onapsis Control for SAP BTP, allowing faster, more accurate code review in custom developments.

Platform Enhancements Announced at SAP Sapphire 

In May, we unveiled major platform enhancements at SAP Sapphire. We advanced our AI-powered Security Advisor, deepened customizable threat monitoring, and tightened DevSecOps integrations so customers can detect earlier and fix faster across hybrid SAP landscapes.

Year-End Platform Innovations 

We closed the year with another significant wave of platform innovations. This included the SAP Notes Command Center and Rapid Controls, plus expanded SAP BTP and Security Advisor coverage to raise the bar on SAP application security posture management.

Expanding the SOC’s Line of Sight to SAP

Security teams asked us to make SAP risk visible in the tools they already live in. We answered with two important integrations:

These alliances don’t just create feeds. They create outcomes: faster mean-time-to-detect, cleaner handoffs, and fewer blind spots around your most critical systems.

Listening To and Leading the Community of SAP Defenders 

I spent much of this year with customers and practitioners across SAP community events and industry media. We discussed why shared responsibility must become a shared reality and how leaders are operationalizing SAP security. The message resonated: protect the SAP application layer with dedicated controls, integrate with the SOC, and automate the basics so your best people can focus on what’s next.

We also had the pleasure of speaking with ERP News for both their March issue and October issue, together with our esteemed customers Merck, HD Supply, Under Armour and DNOW, highlighting the incredible team of defenders we get to partner with every day.

Recognizing the Team Behind the Mission

Great products and research come from great people. In January, Built In named Onapsis to its 2025 Best Places to Work lists, a testament to the culture our team has built while delivering for customers worldwide.

SAP has also recognized many of our Onapsis Research Labs team members and broader team as part of our close, collaborative relationship to secure applications across their customer ecosystem. Congratulations to the fourteen incredible people within Onapsis recognized by SAP this year alone.

What This Means for 2026 

Threat actors won’t slow down, and neither will we. In 2026, you’ll see us continue to:

  • Lead in AI for SAP Security & Compliance, both through exciting product innovations and by helping you securely accelerate your SAP AI-based initiatives.
  • Expand proactive controls for RISE with SAP, SAP BTP and other key SAP solutions.
  • Deepen integrations that make SAP risk a first-class citizen in the SOC and DevSecOps programs.
  • Lead in research and threat intelligence that helps you stay ahead of the threat.

If your SAP landscape is changing (and whose isn’t?), now is the time to operationalize SAP application cybersecurity. We’re here to help you do it right.