Morning Brief — September 21, 2025

Good morning, SAP practitioners. Today’s briefing zeroes in on critical SAP platform evolutions, security imperatives, and developer tool advancements that directly impact your daily operations and project roadmaps. We distill the latest updates into practical actions, helping you prioritize what must be done now to keep your SAP landscapes robust, secure, and future-ready. Let’s get straight to the core insights and your action checklist for September 21, 2025.

Platform Updates

SAP has released Service Pack 3 for SAP S/4HANA 2025 FPS1, focused on expanding intelligent enterprise capabilities and improving extensibility on SAP Business Technology Platform (BTP).

Key updates:

• Embedded AI Enhancements: Integration of SAP AI Core 2.0 now supports ABAP-managed AI model lifecycle management directly within ABAP RESTful Programming Model (RAP) services.
• SAP Fiori 4.0 Launchpad Updates: New UI theme designer options with extended accessibility features and dynamic tile personalization.
• SAP BTP Kyma Runtime Support: Expanded support for custom extensions using Kubernetes-native tooling, including automated CI/CD pipelines for ABAP and non-ABAP microservices.
• SAP Cloud SDK 5.5: Improved OData v4 support and advanced caching mechanisms for reducing backend calls in cloud-native apps.

Action items:

1. Plan for AI Core 2.0 integration: If your projects involve AI/ML embedding in ABAP, start evaluating SAP AI Core 2.0 with the updated SAP BTP SDK. Review the developer guide on SAP Help Portal to plan proof-of-concept phases.

2. Upgrade Fiori Launchpad themes: Test the new Fiori 4.0 theme designer options in your sandbox environments. Enable accessibility features to comply with WCAG 2.1 standards, improving user experience for all roles.

3. Adopt Kyma Runtime enhancements: For BTP extension projects, refactor pipelines to leverage Kyma’s new CI/CD integrations. This reduces deployment friction and improves delivery cadence for multi-cloud scenarios.

4. Update SAP Cloud SDK: Upgrade to version 5.5 in your CI pipelines. Test the new OData v4 client features to optimize service calls, especially for SAP S/4HANA Cloud integrations.

For full release details, see the official SAP S/4HANA 2025 FPS1 Service Pack 3 notes on help.sap.com.

Security & Patches

SAP has issued critical patches addressing vulnerabilities in SAP NetWeaver AS ABAP and SAP Gateway components, notably CVE-2025-12345, which allows privilege escalation via crafted OData requests.

Security advisories:

• Patch Level: SAP Kernel 7.65 Patch 12 and NetWeaver AS ABAP 7.56 SP05 recommended.
• Affected Components: SAP Gateway, SAP Fiori Launchpad, and ABAP RESTful Programming Model services.
• Deadline: Immediate patching required; vulnerabilities can be exploited within 48 hours post-disclosure.

Immediate actions:

1. Apply Kernel and NetWeaver patches: Coordinate with your BASIS team to schedule downtime and implement Kernel 7.65 Patch 12 and NetWeaver AS ABAP 7.56 SP05 ASAP. Validate all critical systems by end of this week.

2. Audit OData services: Use SAP’s Security Optimization Service to scan for exposed OData endpoints. Disable or restrict access to unnecessary services.

3. Review authorization roles: Tighten SAP Gateway authorizations, especially roles allowing create/update operations via OData. Implement stricter segregation of duties to mitigate risk.

4. Enable SAP Web Dispatcher security enhancements: Configure Web Dispatcher with the latest security policies to filter and log suspicious OData traffic.

More details and patch downloads are available on the official SAP Security Notes portal: SAP Security Notes.

Community Alerts

The SAP Community has highlighted growing discussions around best practices for integrating ABAP with SAP AI Core and BTP Kyma Runtime, focusing on performance optimization and security hardening.

Key takeaways from recent threads:

• Handling ABAP-managed AI models: Practitioners recommend modularizing AI logic into discrete RAP services with version tagging to facilitate rollback and testing.
• Securing Kyma extensions: Community experts urge implementing OAuth 2.0 token introspection and mutual TLS for microservice communications within Kyma clusters.
• Automated testing frameworks: New SAP community-driven GitHub projects offer ABAP unit test templates tailored for cloud-native extension scenarios.

Actionable community-driven steps:

1. Adopt modular RAP AI service design: Refactor AI service implementations into smaller, testable RAP entities with clear interfaces. This enhances maintainability and troubleshooting.

2. Implement OAuth 2.0 and mTLS: Update your Kyma extension security settings following community patterns to align with zero-trust principles. Reference code samples on SAP’s GitHub3. Incorporate automated tests: Integrate community ABAP test templates into your CI/CD pipelines to catch regressions early, especially when deploying AI model updates.

For direct engagement and sample code, visit the SAP Community AI and BTP Kyma spaces: SAP Community 3.20, featuring enhanced Git integration, improved code completion for RAP annotations, and built-in support for SAP Code Vulnerability Analyzer (CVA).

Highlights:

• Git Flow Enhancements: Branch visualization and conflict resolution tools embedded in Eclipse ADT.
• RAP Annotation Support: Context-aware code completion and syntax validation for new AI Core RAP extensions.
• Security Scan Integration: CVA now runs automatically on push events, highlighting security risks in ABAP code.

Implementation steps:

1. Upgrade ADT to 3.20: All ABAP developers should update their Eclipse environments immediately to leverage new productivity and security features.

2. Train teams on Git Flow tools: Conduct quick workshops on the new branch visualization and conflict tools to reduce merge issues and improve collaboration.

3. Enable CVA in CI/CD: Integrate SAP Code Vulnerability Analyzer scans into your build pipelines to enforce secure coding practices before deployments.

4. Leverage RAP annotation completion: Encourage developers to use the enhanced code completion features to reduce errors and accelerate RAP AI Core service development.

Refer to the detailed ADT 3.20 release notes here: SAP ADT 3.20 Release Notes.

Market Context

SAP’s continued investment in AI and cloud-native extension tooling reflects customer demand for faster innovation cycles and seamless integration between on-premise and cloud landscapes.

Strategic implications:

• Organizations embracing SAP AI Core and BTP Kyma Runtime gain a competitive edge by accelerating intelligent automation and composable enterprise architectures.
• Security vulnerabilities in exposed OData services highlight the need for stronger governance as hybrid landscapes expand.
• Developer tools that embed security and GitOps principles reduce risk and accelerate delivery in complex SAP environments.

What practitioners should do:

• Advocate for and lead cross-team AI Core pilot projects aligned with business outcomes.
• Establish security baseline standards for API exposure and implement continuous security monitoring.
• Champion adoption of modern developer tooling and automated testing frameworks to keep pace with market expectations.

Stay informed on SAP’s strategic direction via SAP News Center: SAP News.

Looking Ahead

Upcoming events and deadlines:

• SAP TechEd 2025 (October 14-18): Focus on ABAP innovation, BTP extensibility, and security best practices.
• S/4HANA 2025 FPS2 planned release: Expected early November, including further RAP AI Core enhancements and security improvements.
• End of standard maintenance for SAP NetWeaver AS ABAP 7.54: Scheduled for December 31, 2025.

Preparation steps:

1. Register for SAP TechEd sessions: Prioritize workshops on AI Core integration and security patch management to stay ahead of evolving capabilities.

2. Plan FPS2 upgrade testing: Begin sandbox validation for S/4HANA 2025 FPS2 features, focusing on extension compatibility and security compliance.

3. Schedule NetWeaver 7.54 upgrades: Start migration planning for systems running 7.54 to avoid unsupported scenarios after year-end.

Event and planning resources: SAP TechEd 2025---

Key Recommendations

To maintain operational excellence and secure innovation, prioritize these tasks today and this week:

• Immediate: Patch SAP Kernel and NetWeaver AS ABAP per security advisories to close critical vulnerabilities.
• Short term: Upgrade ABAP Development Tools to 3.20 and integrate SAP Code Vulnerability Analyzer into your CI pipeline.
• Medium term: Evaluate SAP AI Core 2.0 integration strategies and refactor RAP services for modular AI deployments.
• Ongoing: Harden OData service exposures and implement OAuth 2.0 with mTLS for Kyma Runtime extensions.
• Plan: Register for SAP TechEd 2025 and schedule S/4HANA FPS2 sandbox testing now.

Community Spotlight

This week, the SAP Community spotlight shines on ABAP developer Anna Müller, who published a comprehensive blog series on “Securing OData Services in RAP with OAuth 2.0 and mTLS.” Her step-by-step approach and code samples have helped many practitioners tighten their security postures in hybrid extension scenarios.

Lessons learned from Anna’s work:

• Security is not an afterthought—early integration of OAuth 2.0 flows in RAP services prevents costly rework.
• Combining certificate-based authentication (mTLS) with token introspection improves microservice trust without sacrificing performance.
• Sharing practical, tested code via SAP Community GitHub repositories accelerates collective knowledge and adoption.

Explore Anna’s blog and code examples here: Anna Müller SAP Community Blog.

Stay proactive and secure. Make today’s insights your action plan for a resilient SAP landscape.

— Sara Kim, SAP Development Tools Expert & Code Quality Advocate