Deserialization Vulnerability in SAP NetWeaver
CVE-2025-42944
Key Information:
- Vendor: SAP
- CVE Published: 9 September 2025
What is CVE-2025-42944?
CVE-2025-42944 is a deserialization vulnerability in the SAP NetWeaver platform, the application server used for building and integrating SAP business applications. It allows an unauthorized attacker to abuse the RMI-P4 module by sending specially crafted malicious payloads to an exposed port. Because the server deserializes this attacker-controlled input, the flaw can lead to arbitrary command execution on the underlying operating system, undermining the security of every SAP application hosted there. Successful exploitation can severely compromise an organization's data confidentiality, integrity, and availability and cause significant operational disruption.
Potential impact of CVE-2025-42944
- Unauthorized Command Execution: The vulnerability allows attackers to execute arbitrary commands on the operating system, which can lead to the installation of malicious software, data manipulation, or further network intrusions.
- Data Breaches: Exploiting this vulnerability could lead to unauthorized access to sensitive data, resulting in potential data breaches that would violate compliance standards and damage an organization's reputation.
- Operational Disruption: The arbitrary code execution enabled by this vulnerability could severely disrupt business operations, leading to downtime and loss of productivity, as well as incurring costs related to incident response and recovery efforts.
Affected Version(s)
SAP Netweaver (RMI-P4) SERVERCORE 7.50
News Articles
SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM
SAP announces 16 new and updated patch notes as part of its monthly rollout, including three that address critical vulnerabilities.
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and Previously Exploited S/4HANA Flaws
SAP patches critical NetWeaver and S/4HANA flaws (CVSS 8.1 to 10.0), preventing code execution, file upload, and data loss.
Timeline
- Exploit known to exist
- First article discovered by The Hacker News
- Vulnerability published
- Vulnerability reserved