AI description
CVE-2025-42944 is a deserialization vulnerability affecting SAP NetWeaver. It exists in the RMI-P4 module. An unauthenticated, remote attacker can exploit this vulnerability by sending a malicious payload to an open port. Successful exploitation could lead to arbitrary OS command execution. The vulnerability stems from the insecure deserialization of untrusted Java objects.
- Description: Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting a malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
- Source: cna@sap.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cna@sap.com: CWE-502
- Hype score: Not currently trending
CVE-2025-42944 (CVSS:10.0, CRITICAL) is Awaiting Analysis. Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through th.. https://t.co/3qsjH655ri #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Sept 2025
Detection for critical SAP NetWeaver vulnerability (CVE-2025-42944): https://t.co/z4ysEpLyDu https://t.co/2yF40jzYQN
@rxerium
11 Sept 2025
CVE-2025-42944 (CVSS 10.0): Insecure Deserialization vulnerability in SAP NetWeaver
CVE-2025-42922 (CVSS 9.9): Insecure File Operations vulnerability in SAP NetWeaver AS Java
CVE-2025-42958 (CVSS 9.1): Missing Authentication Check vulnerability in the SAP https://t.co/cqsKplAqtN
@viehgroup
11 Sept 2025
Today's top 5 cybersecurity news - September 10, 2025 1. SAP has released security updates addressing 21 vulnerabilities, including three critical flaws in its NetWeaver software, one of which (CVE-2025-42944) has a maximum CVSS score of 10.0. The critical vulnerabilities could
@NewsNerdie
10 Sept 2025
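🔨 SAP fixes critical command execution vulnerability CVE-2025-42944 in NetWeaver; the CVSS score is 10.0 🤖 The automated review feature of Anthropic's coding assistant "Claude Code" leaves safety concerns. ~ Cyber Alert, September 10 ~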
@MachinaRecord
10 Sept 2025
🚨Alert🚨
CVE-2025-42944 (CVSS 10.0): Insecure Deserialization vulnerability in SAP NetWeaver
CVE-2025-42922 (CVSS 9.9): Insecure File Operations vulnerability in SAP NetWeaver AS Java
CVE-2025-42958 (CVSS 9.1): Missing Authentication Check vulnerability in the SAP NetWeaver https
@HunterMapping
10 Sept 2025
📌 SAP has released security updates to address critical vulnerabilities in NetWeaver, with severity scores of up to 10.0, which could lead to code execution and arbitrary file upload. The vulnerabilities include
@Cybercachear
10 Sept 2025
SAP patches 21 security issues including critical NetWeaver flaw CVE-2025-42944 allowing unauthenticated remote code execution. Business One, SLD, and Landscape Transformation also affected. #NetWeaverRisk #EnterpriseSecurity #Germany https://t.co/tnVLT6osGA
@TweetThreatNews
9 Sept 2025
On September 9, 2025, SAP issued emergency patches as part of its Security Patch Day to address a critical remote-code execution (RCE) vulnerability, CVE-2025-42944, View the full Patch Details on - https://t.co/ukyevlRzad https://t.co/6Q82eRlBHe
@Iambivash007
9 Sept 2025
SAP patches 21 vulnerabilities including 3 critical in NetWeaver. CVE-2025-42944 allows remote OS command execution via insecure deserialization. File upload and missing auth flaws also fixed. #SAPUpdate #NetWeaverRisk #Germany https://t.co/DHX0vfGqaW
@TweetThreatNews
9 Sept 2025
🚨🚨SAP Security Patch Day drops fixes for FOUR critical flaws CVE-2025-42944 (CVSS 10): Insecure deserialization in SAP NetWeaver (RMI-P4) = full RCE, no auth needed! CVE-2025-42922 (CVSS 9.9): Insecure file ops in NetWeaver AS Java = privilege escalation & server takeo
@zoomeye_team
9 Sept 2025
⚠️⚠️ CVE-2025-42944: SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE 🎯349k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link: https://t.co/LGWXJSvb7z FOFA Query:app="SAP-NetWeaver" || app="SAP-NetWeaver-Application-
@fofabot
9 Sept 2025
CVE-2025-42944, -42922, and other: Multiple vulns in SAP NetWeaver, 3.1 - 10.0 rating 🔥🔥🔥 In the September patch, SAP reported 21 vulns, including Path Traversal, Missing Auth check, and 10.0 severity RCE! Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/xMw0
@Netlas_io
9 Sept 2025
SAP NetWeaver CVE-2025-42944: Critical Deserialization Flaw A critical deserialization vulnerability in SAP NetWeaver could allow remote code execution if left unpatched. For more details, read ZeroPath's blog on this vuln. #AppSec #SAP #InfoSec https://t.co/qMQ0bMbIBy
@ZeroPathLabs
9 Sept 2025
CVE-2025-42944 Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payloa… https://t.co/i4rqcq0stQ
@CVEnew
9 Sept 2025