AI description
CVE-2025-42944 is a deserialization vulnerability affecting SAP NetWeaver. It exists in the RMI-P4 module. An unauthenticated, remote attacker can exploit this vulnerability by sending a malicious payload to an open port. Successful exploitation could lead to arbitrary OS command execution. The vulnerability stems from the insecure deserialization of untrusted Java objects.
- Description: Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
- Source: cna@sap.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cna@sap.com: CWE-502
- Hype score: Not currently trending
⚠️Vulnerabilities in SAP products ❗CVE-2025-42890 ❗CVE-2025-42944 ❗CVE-2025-42887 ➡️More info: https://t.co/YEezsg2cT3 https://t.co/tGhhWUgkEE
@CERTpy
14 Nov 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-42890 - SAP SQL Anywhere Monitor Hardcoded Creds RCE SAP's monitoring tool shipped with hardcoded credentials enabling unauthenticated RCE—rated CVSS 10.0. What's brutal: CVE-2025-42890 is the marquee issue, but SAP also patched CVE-2025-42887 and CVE-2025-4294
@the_c_protocol
12 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#SAP: Patches 3 Critical Vulnerabilities (CVSS 10.0) Including RCE / Code Injection and Hardcoded Credentials affecting SQL Anywhere Monitor (Non-GUI), SAP NetWeaver AS Java, and SAP Solution Manager:(CVE-2025-42890, CVE-2025-42944, CVE-2025-42887): 👇 https://t.co/KgkaA6igjt
@securestep9
11 Nov 2025
1315 Impressions
3 Retweets
8 Likes
5 Bookmarks
0 Replies
0 Quotes
⚠️ Heads-up! SAP just re-patched a critical CVSS 10.0 flaw (CVE-2025-42944) in NetWeaver AS Java — a deserialization bug that lets attackers execute commands without authentication. Apply. The. Fix. → https://t.co/d3AaPHWP2B
@zeeshankghouri
20 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP releases 17 vulnerability fixes on its "October Patch Day"; prioritize the CVSS 10.0 flaw in NetWeaver AS Java (CVE-2025-42944) https://t.co/f7vjcbqQ7L #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
17 Oct 2025
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Heads-up! SAP just re-patched a critical CVSS 10.0 flaw (CVE-2025-42944) in NetWeaver AS Java — a deserialization bug that lets attackers execute commands without authentication. https://t.co/bce6zQzu8K https://t.co/n8o3Z5sgwA
@nabeela336771
16 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP has released new security updates fixing 13 vulnerabilities, including a critical flaw (CVE-2025-42944, CVSS 10.0) in SAP NetWeaver AS Java that could allow remote command execution through insecure deserialization. The update adds extra protection using JVM-wide filte
@haseebgakhar
15 Oct 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42944: The SAP Vulnerability Every Security Team Must Fix Today Full Story 👉 https://t.co/r7WRADLne6 #Vulnerability #hacker https://t.co/3YhFfGG9jn
@CSec88
15 Oct 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SAP NetWeaver bug (CVE-2025-42944) allows server takeover without login! CVSS 10.0. Act fast, patch now! https://t.co/MuvfwjdUAj #SAPSecurity #NetWeaver #Cybersecurity #Vulnerability #PatchNow
@0xT3chn0m4nc3r
15 Oct 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 SAP has released security updates for about 13 new issues, including a fix for a critical vulnerability in SAP NetWeaver AS Java that enables attackers to execute arbitrary commands without logging in. The vulnerability is known as
@Cybercachear
15 Oct 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42944, -42937, -42910, and other: Multiple vulnerabilities in SAP NetWeaver, 5.3 - 10.0 🔥🔥🔥 SAP published a list of 13 new vulns affecting NetWeaver, NetWeaver AS Java, and other products. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/FS5cUVOCgu h
@Netlas_io
15 Oct 2025
343 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Heads-up! SAP just re-patched a critical CVSS 10.0 flaw (CVE-2025-42944) in NetWeaver AS Java — a deserialization bug that lets attackers execute commands without authentication. Apply. The. Fix. → https://t.co/8xfoP2ROOI
@TheHackersNews
15 Oct 2025
15106 Impressions
47 Retweets
90 Likes
15 Bookmarks
3 Replies
4 Quotes
Critical vulnerability CVE-2025-42944 detected in SAP NetWeaver (CVSS 10.0), exposed on thousands of instances globally. In Mexico, at least 96 devices appear accessible, which opens the door to unauthenticated remote command execution. The risk affects
@tpx_Security
10 Oct 2025
118 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
🚨CVE-2025-42944: Maximum-Severity OS Command Execution Vulnerability in SAP NetWeaver CVSS: 10 FOFA Query: app="SAP-NetWeaver" || app="SAP-NetWeaver-Application-Server-Java" FOFA: https://t.co/6SeFhfM3kq Results: 515,194 https://t.co/RihTIN1Gkk
@DarkWebInformer
9 Oct 2025
15001 Impressions
44 Retweets
195 Likes
82 Bookmarks
0 Replies
0 Quotes
Pakistan’s NCERT Warns Of Critical SAP NetWeaver Flaws Allowing Remote Code Execution https://t.co/iLij1WfFNK Vulnerabilities, CVE-2025-42944, cybersecurity, data breaches, enterprise security, nCERT, Pakistan CERT, ransomware, SAP NetWeaver, vulnerabili… https://t.co/B37q6p4
@spinidg
3 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42944 (CVSS:10.0, CRITICAL) is Awaiting Analysis. Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through th..https://t.co/3qsjH655ri #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Sept 2025
153 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Detection for critical SAP Netweaver vulnerability (CVE-2025-42944): https://t.co/z4ysEpLyDu https://t.co/2yF40jzYQN
@rxerium
11 Sept 2025
131 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42944(CVSS 10.0):Insecure Deserialization vulnerability in SAP Netweaver CVE-2025-42922 (CVSS 9.9):Insecure File Operations vulnerability in SAP NetWeaver AS Java CVE-2025-42958 (CVSS 9.1):Missing Authentication Check vulnerability in the SAP https://t.co/cqsKplAqtN
@viehgroup
11 Sept 2025
298 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Today's top 5 cybersecurity news - September 10, 2025 1. SAP has released security updates addressing 21 vulnerabilities, including three critical flaws in its NetWeaver software, one of which (CVE-2025-42944) has a maximum CVSS score of 10.0. The critical vulnerabilities could
@NewsNerdie
10 Sept 2025
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
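🔨SAP fixes CVE-2025-42944, a severe command execution vulnerability in NetWeaver; the CVSS score is 10.0 🤖The automated review feature of Anthropic's coding assistant tool "Claude Code" leaves safety concerns 〜Cyber Alert, September 10〜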
@MachinaRecord
10 Sept 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2025-42944(CVSS 10.0):Insecure Deserialization vulnerability in SAP Netweaver CVE-2025-42922 (CVSS 9.9):Insecure File Operations vulnerability in SAP NetWeaver AS Java CVE-2025-42958 (CVSS 9.1):Missing Authentication Check vulnerability in the SAP NetWeaver https
@HunterMapping
10 Sept 2025
7187 Impressions
23 Retweets
106 Likes
44 Bookmarks
0 Replies
0 Quotes
📌 SAP has released security updates to address critical vulnerabilities in NetWeaver, with severity scores of up to 10.0, which could lead to code execution and arbitrary file upload. The vulnerabilities include
@Cybercachear
10 Sept 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP patches 21 security issues including critical NetWeaver flaw CVE-2025-42944 allowing unauthenticated remote code execution. Business One, SLD, and Landscape Transformation also affected. #NetWeaverRisk #EnterpriseSecurity #Germany https://t.co/tnVLT6osGA
@TweetThreatNews
9 Sept 2025
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On September 9, 2025, SAP issued emergency patches as part of its Security Patch Day to address a critical remote-code execution (RCE) vulnerability, CVE-2025-42944, View the full Patch Details on - https://t.co/ukyevlRzad https://t.co/6Q82eRlBHe
@Iambivash007
9 Sept 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP patches 21 vulnerabilities including 3 critical in NetWeaver. CVE-2025-42944 allows remote OS command execution via insecure deserialization. File upload and missing auth flaws also fixed. #SAPUpdate #NetWeaverRisk #Germany https://t.co/DHX0vfGqaW
@TweetThreatNews
9 Sept 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨SAP Security Patch Day drops fixes for FOUR critical flaws CVE-2025-42944 (CVSS 10): Insecure deserialization in SAP NetWeaver (RMI-P4) = full RCE, no auth needed! CVE-2025-42922 (CVSS 9.9): Insecure file ops in NetWeaver AS Java = privilege escalation & server takeo
@zoomeye_team
9 Sept 2025
2032 Impressions
5 Retweets
26 Likes
14 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-42944: SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE 🎯349k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link: https://t.co/LGWXJSvb7z FOFA Query:app="SAP-NetWeaver" || app="SAP-NetWeaver-Application-
@fofabot
9 Sept 2025
1155 Impressions
1 Retweet
11 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-42944, -42922, and other: Multiple vulns in SAP NetWeaver, 3.1 - 10.0 rating 🔥🔥🔥 In the September patch, SAP reported 21 vulns, including Path Traversal, Missing Auth check, and 10.0 severity RCE! Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/xMw0
@Netlas_io
9 Sept 2025
591 Impressions
2 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
SAP NetWeaver CVE-2025-42944: Critical Deserialization Flaw A critical deserialization vulnerability in SAP NetWeaver could allow remote code execution if left unpatched. For more details, read ZeroPath's blog on this vuln. #AppSec #SAP #InfoSec https://t.co/qMQ0bMbIBy
@ZeroPathLabs
9 Sept 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42944 Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payloa… https://t.co/i4rqcq0stQ
@CVEnew
9 Sept 2025
252 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes