medium | 2026-05-12 | SAP Commerce Cloud | CVE-2025-68161

Improper Certificate Validation in SAP Commerce Cloud Log4j Component

SAP Commerce Cloud (Apache Log4j dependency)

Our Take

Bundle this patch with the critical Commerce Cloud rebuild (Note 3733064) in the same maintenance window.

Vulnerability Detail

Improper certificate validation in the Apache Log4j dependency shipped with SAP Commerce Cloud could allow man-in-the-middle attacks against outbound HTTPS connections from the platform.

Patch Action

Apply SAP Note 3716450.

Affected Versions

HY_COM 2205
COM_CLOUD 2211

Patch Info

CVSS Score: 4.8
SAP Note: 3716450
CVE: CVE-2025-68161
Published: 2026-05-12

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.