SAP has addressed 21 new vulnerabilities affecting its products, including three critical-severity issues impacting the NetWeaver software solution.
SAP NetWeaver is the foundation for SAP's enterprise applications such as ERP, CRM, SRM, and SCM, and acts as modular middleware that is widely deployed in large enterprise networks.
In its security bulletin for September, the enterprise resource planning (ERP) software vendor lists a vulnerability with a maximum severity score of 10 out of 10, tracked as CVE-2025-42944.
The security issue is an insecure deserialization vulnerability in SAP NetWeaver (RMIP4), ServerCore 7.50.
An unauthenticated attacker could exploit it to achieve arbitrary OS command execution by sending a malicious Java object to an open port via the RMI-P4 module.
RMI-P4 is the Remote Method Invocation protocol used by SAP NetWeaver AS Java for internal SAP-to-SAP communication, or for administration.
Although the P4 port is open on the host, some organizations may inadvertently expose it to wider networks, or the internet, because of firewall or other misconfigurations.
According to the security bulletin, the second critical flaw SAP fixed this month is CVE-2025-42922 (CVSS v3.1 score: 9.9), an insecure file operations bug impacting NetWeaver AS Java (Deploy Web Service), J2EE-APPS 7.50.
An attacker with non-administrative authenticated access can exploit a flaw in the web service deployment functionality to upload arbitrary files, potentially allowing full system compromise.
The third flaw is a missing authentication check in NetWeaver, tracked as CVE-2025-42958 (CVSS v3.1 score: 9.1).
This vulnerability allows unauthorized high-privileged users to read, modify, or delete sensitive data and access administrative functionality.
SAP also addressed the following new high-severity flaws:
- CVE-2025-42933 (SAP Business One SLD): Insecure storage of sensitive data (e.g., credentials) that could be extracted and abused.
- CVE-2025-42929 (SLT Replication Server): Missing input validation allowing malicious input to corrupt or manipulate replicated data.
- CVE-2025-42916 (S/4HANA): Missing input validation in core components, risking unauthorized data manipulation.
SAP products, deployed by large organizations and often handling mission-critical data, are frequently targeted by threat actors seeking high-value compromises.
Earlier this month, it was revealed that hackers had been exploiting a critical code injection vulnerability tracked as CVE-2025-42957, impacting S/4HANA, Business One, and NetWeaver products.
System administrators are advised to follow the patching and mitigation recommendations for the three critical flaws, available here (1, 2, 3) for customers with an SAP account.
