SAP Patches Critical NetWeaver (CVSS Up to 10.0) and Previously Exploited S/4HANA Flaws

Sep 10, 2025Ravie LakshmananSoftware Security / Vulnerability

SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files.

The vulnerabilities are listed below –

• CVE-2025-42944 (CVSS score: 10.0) – A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious payload to an open port through the RMI-P4 module, resulting in operating system command execution
• CVE-2025-42922 (CVSS score: 9.9) – An insecure file operations vulnerability in SAP NetWeaver AS Java that could allow an attacker authenticated as a non-administrative user to upload an arbitrary file
• CVE-2025-42958 (CVSS score: 9.1) – A missing authentication check vulnerability in the SAP NetWeaver application on IBM i-series that could allow highly privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities

“[CVE-2025-42944] allows an unauthenticated attacker to execute arbitrary OS commands by submitting a malicious payload to an open port,” Onapsis said. “A successful exploit can lead to full compromise of the application. As a temporary workaround, customers should add P4 port filtering at the ICM level to prevent unknown hosts from connecting to the P4 port.”

Also addressed by SAP is a high-severity missing input validation bug in SAP S/4HANA (CVE-2025-42916, CVSS score: 8.1) that could permit an attacker with high privilege access to ABAP reports to delete the content of arbitrary database tables, should the tables not be protected by an authorization group.

The patches arrive days after SecurityBridge and Pathlock disclosed that a critical security defect in SAP S/4HANA that was fixed by the company last month (CVE-2025-42957, CVSS score: 9.9) has come under active exploitation in the wild.

While there is no evidence that the newly disclosed issues have been weaponized by bad actors, it’s essential that users move to apply the necessary updates as soon as possible for optimal protection.