SAP patched 13 bugs Oct. 14, one of them a critical 10.0 deserialization vulnerability in SAP NetWeaver that could let an unauthenticated attacker conduct arbitrary OS command execution, posing a risk to an application’s confidentiality, integrity, and availability.

The SAP NetWeaver flaw — CVE-2025-42944 — could let an attacker exploit the system through the RMI-P4 module by submitting a malicious payload to an open port.

“A recently discovered vulnerability in SAP NetWeaver allows attackers to completely control vulnerable servers without requiring a login, posing a significant security threat to companies that have not yet patched,” said John Carberry, solution sleuth at Xcape, Inc. “Systems without the patch are at risk of data theft, business disruption, and attackers moving deeper into corporate networks.”

Carberry said that although the official patch is the only permanent solution, temporary measures like limiting network access, strengthening authentication, increasing monitoring, and disabling unnecessary components can help. Organizations should urgently prioritize patching because the flaw is easily exploited remotely and is highly appealing to attackers given the abundance of sensitive information contained within SAP applications, Carberry continued.

Ryan Emmons, a security researcher at Rapid7, added that insecure deserialization as a bug class typically offers highly reliable exploitation, and deserialization bug patches tend to be easy for attackers to analyze and develop a proof-of-concept exploit against. Emmons said these patches often involve gadget filter list modifications and changes to serializable classes, which are often easier for attackers to reverse than patches for many other vulnerability classes.

“Since SAP products are widely used by big organizations, attackers and researchers should pay close attention to newly announced vulnerabilities affecting these products,” said Emmons.
“In fact, this recent October patch for CVE-2025-42944 is a follow-up patch to last month’s initial CVE-2025-42944 patch, seemingly because researchers found a way to bypass the previous month’s patch.”
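The "gadget filter list" Emmons describes is, in Java terms, a deserialization filter that decides which classes an ObjectInputStream is allowed to instantiate. The following is an added illustration, not SAP code and not tied to the CVE-2025-42944 patch itself: it attaches an allow-list ObjectInputFilter (a standard JDK API since Java 9) to a stream so that only the classes an application expects can be deserialized, and everything else is rejected before any constructor or readObject logic runs. The class names in the filter pattern and the sample payloads are assumptions chosen for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

// Added example (not SAP's code): an allow-list deserialization filter, the
// defensive counterpart of the gadget filter lists mentioned in the article.
public class DeserializationFilterDemo {

    // Allow-list pattern (assumed for this demo): only the named classes may be
    // resolved; "!*" rejects every other class, including gadget-chain classes
    // nobody anticipated. A deny-list ("!com.example.KnownGadget;*") is the shape
    // that gets bypassed as soon as a new gadget is found, which is why an
    // allow-list plus resource limits (maxdepth, maxbytes) is preferred.
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
            "java.util.ArrayList;java.lang.Integer;java.lang.Number;java.lang.String;"
            + "maxdepth=5;maxbytes=4096;!*");

    // Serialize any object to bytes (stands in for a payload arriving on a socket).
    static byte[] serialize(Object o) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize with the filter bound to this stream only; the filter is
    // consulted for each class descriptor before the class is instantiated.
    static Object deserializeFiltered(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ALLOW_LIST);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a list of integers the application expects.
        List<Integer> expected = new ArrayList<>(List.of(1, 2, 3));
        System.out.println("allowed: " + deserializeFiltered(serialize(expected)));

        // java.util.Date is harmless; it merely stands in for any class outside
        // the allow-list. The point is that unlisted classes are never instantiated.
        try {
            deserializeFiltered(serialize(new Date()));
            System.out.println("unexpected: Date was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A per-stream filter like this protects one entry point; a process-wide default can be set with the `jdk.serialFilter` system property so that every ObjectInputStream in the JVM is covered. Either way, the filter belongs in the application that reads untrusted bytes, and it complements rather than replaces the vendor patch.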
SAP patches critical 10.0 NetWeaver flaw