Watch out - this SAP NetWeaver bug has a maximum severity score, and it could target your servers next
SAP released additional hardening

- SAP patched CVE-2025-42944, a critical flaw allowing unauthenticated OS command execution
- Two more severe vulnerabilities affect SAP Print Service and Supplier Relationship Management modules
- Unpatched systems remain exposed; n-day flaws are widely exploited due to delayed patching
Software giant SAP released additional security hardening for a maximum-severity vulnerability that grants threat actors arbitrary command execution capabilities on compromised endpoints.
Earlier this week, the company published a new security advisory, detailing fixes for a total of 17 vulnerabilities (13 fixes and 4 updates), including a 10/10 “insecure deserialization in SAP NetWeaver AS Java” flaw. Tracked as CVE-2025-42944, the flaw allowed threat actors to exploit systems through the RMI-P4 module by submitting malicious payloads to an open port.
"The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability," NVD explained. SAP patched it as part of its September 2025 Security Patch Day.
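The flaw described above is a case of a service rebuilding Java objects from bytes received on a network port without constraining which classes the stream may name. As an added illustration for this article (not SAP's code, and not a description of how NetWeaver's P4 service is implemented), the following shows the standard JDK mitigation for that pattern: a JEP 290 ObjectInputFilter that admits only the class the receiver expects and rejects everything else, alongside the unfiltered read it replaces. The Message class, the filter pattern and the sample objects are constructed for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

// Added example, not SAP code: contrasts an unfiltered ObjectInputStream with
// one that applies an allowlist deserialization filter (JEP 290, JDK 9+).
public class DeserializationFilterDemo {

    /** Constructed application class that the receiving service legitimately expects. */
    public static final class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Message(String text) { this.text = text; }
    }

    /** Serialize an object to bytes; stands in for data read from a network socket. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Unsafe pattern: instantiates whatever class the untrusted stream names. */
    static Object deserializeUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    /** Hardened pattern: only the expected class is admitted, with depth and size limits. */
    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        // Pattern syntax: allowed class names, "!*" rejects every other class,
        // then resource limits. Limits are checked before class names.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "DeserializationFilterDemo$Message;java.lang.String;!*;maxdepth=5;maxbytes=4096");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Message("hello"));
        // A HashMap is harmless here; it merely represents a class the service never asked for.
        byte[] unexpected = serialize(new HashMap<String, String>());

        System.out.println("unfiltered read accepted: " + deserializeUnfiltered(unexpected).getClass());
        System.out.println("filtered read accepted:   " + deserializeFiltered(expected).getClass());
        try {
            deserializeFiltered(unexpected);
            System.out.println("filtered read accepted unexpected class (should not happen)");
        } catch (InvalidClassException e) {
            // The filter rejects the class before any of its code runs.
            System.out.println("filtered read rejected:   " + e.getMessage());
        }
    }
}
```

The filter is evaluated for every class descriptor in the stream before the class is resolved, which is why the rejection surfaces as an InvalidClassException rather than as a constructed object. In a real service the allowlist would name each type the protocol actually carries; the same filter can also be installed process-wide through the jdk.serialFilter system property rather than per stream.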
Abusing n-days
The advisory details two additional critical-severity flaws, a “directory traversal vulnerability” in SAP Print Service, and an “unrestricted file upload vulnerability” in SAP Supplier Relationship Management.
The former is tracked as CVE-2025-42937 and has a severity score of 9.8/10, while the latter is tracked as CVE-2025-42910 and has a severity score of 9.0/10.
While none of these bugs have been seen exploited in the wild, SAP urges its users to apply the patches and mitigations as soon as possible to minimize the risk.
Exploits for zero-day flaws are arguably more successful than those for n-day flaws, but n-day vulnerabilities are abused far more frequently, because many organizations fail to patch their systems on time and leave exposed instances connected to the wider internet for months on end.
Paired with widely available proof-of-concept (PoC) exploits, this makes n-day flaws low-hanging fruit for attackers.
SAP is the world’s largest ERP vendor, with products in use by more than 90% of the Forbes Global 2000 list, so cybercriminals will most likely scan for endpoints that haven’t applied the patch, looking for a way into the IT networks of some of the world’s most important brands.
Via The Hacker News
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.