SAP addressed a **critical insecure deserialization vulnerability (CVE-2025-42944, CVSS 10.0)** in its **SAP NetWeaver** platform, allowing unauthenticated attackers to execute arbitrary OS commands via malicious payloads submitted through the **RMI-P4 module** on an open port. Successful exploitation could fully compromise the **confidentiality, integrity, and availability** of the affected system, enabling attackers to take control of servers, steal sensitive data, or disrupt operations. While no in-the-wild attacks were reported, the flaw posed a severe risk to enterprises relying on NetWeaver for core business processes. Additionally, SAP patched a **Directory Traversal vulnerability (CVE-2025-42937, CVSS 9.8)** in **SAP Print Service (SAPSprint)**, permitting unauthenticated attackers to overwrite system files via path traversal, and an **Unrestricted File Upload flaw (CVE-2025-42910, CVSS 9.0)** in **SAP Supplier Relationship Management**, allowing authenticated attackers to upload and execute malicious files. These vulnerabilities collectively exposed organizations to **data breaches, system takeovers, and operational disruptions**, particularly in supply chain and enterprise resource planning (ERP) environments.
Source: https://securityaffairs.com/183420/security/sap-fixed-maximum-severity-bug-in-netweaver.html
TPRM report: https://www.rankiteo.com/company/sap
{
  "id": "sap0433304101525",
  "linkid": "sap",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Enterprise Software',
                        'location': 'Walldorf, Germany',
                        'name': 'SAP SE',
                        'size': 'Large (100,000+ employees)',
                        'type': 'Software Corporation'}],
 'attack_vector': ['Network (RMI-P4 module)',
                   'Path Traversal (SAP Print Service)',
                   'File Upload (SAP Supplier Relationship Management)'],
 'customer_advisories': 'SAP customers urged to apply patches for the three critical vulnerabilities.',
 'date_publicly_disclosed': '2025-10-15',
 'description': 'SAP addressed 13 new vulnerabilities, including a maximum severity issue (CVE-2025-42944, CVSS score of 10.0) in SAP NetWeaver. The vulnerability is an **insecure deserialization** that could lead to **arbitrary command execution** by an unauthenticated attacker via the **RMI-P4 module** through an open port. The deserialization of untrusted Java objects could compromise the application’s **confidentiality, integrity, and availability**. Two other critical flaws were patched: **CVE-2025-42937** (Directory Traversal in SAP Print Service, CVSS 9.8) and **CVE-2025-42910** (Unrestricted File Upload in SAP Supplier Relationship Management, CVSS 9.0). No attacks in the wild were reported.',
 'impact': {'brand_reputation_impact': 'Potential (due to critical vulnerabilities in enterprise software)',
            'operational_impact': 'High (potential compromise of confidentiality, integrity, and availability)',
            'systems_affected': ['SAP NetWeaver',
                                 'SAP Print Service (SAPSprint)',
                                 'SAP Supplier Relationship Management']},
 'investigation_status': 'Resolved (patches released; no evidence of exploitation in the wild)',
 'lessons_learned': 'Critical vulnerabilities in enterprise software like SAP NetWeaver can expose organizations to severe risks (e.g., arbitrary command execution) if left unpatched. Proactive patch management and input validation (e.g., deserialization, file uploads) are essential to mitigate such threats.',
 'post_incident_analysis': {'corrective_actions': ['Released security patches to address the vulnerabilities.',
                                                   'Enhanced input validation mechanisms in affected components.',
                                                   'Encouraged customers to implement least-privilege access controls.'],
                            'root_causes': ['Insecure deserialization in SAP NetWeaver (lack of input validation for Java objects).',
                                            'Missing path traversal protections in SAP Print Service.',
                                            'Inadequate file type/content verification in SAP Supplier Relationship Management.']},
 'recommendations': ['Apply SAP security patches for CVE-2025-42944, CVE-2025-42937, and CVE-2025-42910 immediately.',
                     'Restrict network access to SAP NetWeaver’s RMI-P4 module and other exposed services.',
                     'Implement strict file type/content validation for uploads in SAP Supplier Relationship Management.',
                     'Monitor for unauthorized file modifications in SAP Print Service (SAPSprint).',
                     'Conduct regular security audits for deserialization vulnerabilities in Java-based applications.'],
 'references': [{'date_accessed': '2025-10-15',
                 'source': 'SecurityAffairs',
                 'url': 'https://securityaffairs.com/153422/security/sap-fixed-maximum-severity-bug-netweaver.html'},
                {'source': 'SAP Security Notes'}],
 'response': {'communication_strategy': ['Public advisory via SAP Security Notes',
                                         'Media coverage (e.g., SecurityAffairs)'],
              'containment_measures': ['Software patches released for CVE-2025-42944, CVE-2025-42937, CVE-2025-42910'],
              'incident_response_plan_activated': 'Yes (vulnerabilities patched)',
              'remediation_measures': ['Users advised to apply security updates immediately']},
 'title': 'SAP Fixed Maximum-Severity Bug in NetWeaver (CVE-2025-42944)',
 'type': ['Vulnerability Disclosure',
          'Arbitrary Command Execution',
          'Insecure Deserialization',
          'Directory Traversal',
          'Unrestricted File Upload'],
 'vulnerability_exploited': [{'affected_component': 'RMI-P4 module',
                              'cve_id': 'CVE-2025-42944',
                              'cvss_score': 10.0,
                              'description': 'Insecure deserialization in SAP NetWeaver leading to arbitrary OS command execution (unauthenticated).'},
                             {'affected_component': 'SAP Print Service',
                              'cve_id': 'CVE-2025-42937',
                              'cvss_score': 9.8,
                              'description': 'Directory Traversal in SAP Print Service (SAPSprint) allowing unauthenticated file overwrite.'},
                             {'affected_component': 'SAP Supplier Relationship Management',
                              'cve_id': 'CVE-2025-42910',
                              'cvss_score': 9.0,
                              'description': 'Unrestricted File Upload in SAP Supplier Relationship Management due to missing file type/content verification (authenticated).'}]}