SAP Patches Critical NetWeaver Flaw

September 11, 2025

SAP NetWeaver, a core foundation for many of the company’s enterprise applications like ERP and CRM, has been impacted by three critical vulnerabilities. The most severe flaw, CVE-2025-42944 (CVSS 10.0), is an insecure deserialization vulnerability in the RMI-P4 module that could allow an unauthenticated attacker to execute OS commands by sending a malicious Java object. While the P4 port is meant for internal use, misconfigurations can expose it to wider networks or the internet, increasing the risk.

SAP’s security bulletin for September highlights several serious vulnerabilities that could pose a significant risk to large enterprise networks. The most critical issue, identified as CVE-2025-42944, is an insecure deserialization flaw within the RMI-P4 component of SAP NetWeaver. This vulnerability, which received a maximum severity score of 10 out of 10, could allow an unauthenticated attacker to remotely execute arbitrary operating system commands. By sending a specially crafted malicious Java object to an open P4 port, an attacker can exploit this flaw to compromise the system.
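The exposure risk described above can be checked from the defender's side by auditing firewall rules for P4 ports reachable from non-internal sources. The following is an added example, not code from SAP or the original article; it assumes the default AS Java convention that the P4 port is 5NN04 (NN = instance number), and the rule format and sample rules are constructed for illustration.

```python
import ipaddress

# Ranges treated as "internal" for this audit (assumption: adjust to your network plan).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def p4_ports(instances=range(100)):
    """Default P4 ports: 5NN04 for instance numbers NN = 00..99."""
    return {50000 + nn * 100 + 4 for nn in instances}

def is_internal(cidr):
    """True only if the whole source range sits inside an internal range.
    (ip_network(...).is_private is avoided: it can report 0.0.0.0/0 as private.)"""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_p4_rules(rules, instances=range(100)):
    """Return (rule name, exposed P4 ports) for allow rules from non-internal sources.
    Rule precedence (deny-before-allow ordering) is not modelled here."""
    ports = p4_ports(instances)
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or is_internal(rule["source"]):
            continue
        lo, hi = rule["ports"]
        hit = sorted(p for p in ports if lo <= p <= hi)
        if hit:
            findings.append((rule["name"], hit))
    return findings

# Constructed sample rules in a hypothetical format: (low port, high port) inclusive.
SAMPLE_RULES = [
    {"name": "p4-from-app-tier", "action": "allow", "source": "10.20.0.0/16", "ports": (50004, 50004)},
    {"name": "legacy-wide-open", "action": "allow", "source": "0.0.0.0/0", "ports": (50000, 50199)},
    {"name": "partner-vpn", "action": "allow", "source": "203.0.113.0/24", "ports": (50104, 50104)},
    {"name": "https-public", "action": "allow", "source": "0.0.0.0/0", "ports": (443, 443)},
    {"name": "deny-p4-internet", "action": "deny", "source": "0.0.0.0/0", "ports": (50004, 59904)},
]

if __name__ == "__main__":
    for name, hit in exposed_p4_rules(SAMPLE_RULES):
        print(f"{name}: P4 port(s) {hit} reachable from a non-internal source")
```

Rules flagged this way should be narrowed to the specific internal hosts that need P4 access, in addition to applying SAP's patches.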

A second critical vulnerability, CVE-2025-42922 (CVSS score of 9.9), was also patched in SAP NetWeaver AS Java. This insecure file operations bug allows an authenticated user with non-administrative access to upload arbitrary files. The flaw is located in the web service deployment functionality, and its exploitation could lead to a full system compromise. The ability to upload malicious files gives an attacker a foothold to escalate privileges and gain control over the system.

The third critical flaw addressed is a missing authentication check, CVE-2025-42958 (CVSS score of 9.1), also affecting SAP NetWeaver. This issue allows unauthorized but high-privileged users to read, modify, or delete sensitive data and access administrative functions. While it requires an existing user account with specific privileges, the vulnerability bypasses crucial authentication checks, making it easier for an attacker who has already breached part of the system to gain further access and manipulate critical data.

In addition to the critical flaws, SAP also patched several high-severity vulnerabilities. These include CVE-2025-42933 in SAP Business One SLD, which involves insecure storage of sensitive data like credentials. Other high-severity issues include CVE-2025-42929 in SLT Replication Server and CVE-2025-42916 in S/4HANA, both of which involve missing input validation that could allow attackers to corrupt, manipulate, or gain unauthorized access to data.

Given that SAP products are often used by large organizations to manage mission-critical data, these vulnerabilities are a high-value target for threat actors. Earlier this month, a critical code injection vulnerability, CVE-2025-42957, was being actively exploited. System administrators are strongly urged to apply the recommended patches and follow the mitigation advice provided by SAP to prevent potential exploitation of these and other vulnerabilities.

Reference:

  • SAP Fixes Critical NetWeaver Command Execution Vulnerability of Maximum Severity