Deserialization Vulnerability in SAP NetWeaver
CVE-2025-42944

10 CRITICAL

Key Information:

Vendor: SAP
CVE Published: 9 September 2025

What is CVE-2025-42944?

A deserialization vulnerability has been identified in the RMI-P4 module of SAP NetWeaver. It allows unauthenticated attackers to exploit the system by sending specially crafted payloads to an open port. Successful exploitation could enable execution of arbitrary operating system commands, which poses significant risks to the confidentiality, integrity, and availability of the application. Organizations using affected versions should apply the recommended security patches promptly to mitigate these risks.

Affected Version(s)

SAP NetWeaver (RMI-P4) SERVERCORE 7.50

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
