CVE-2025-42944Deserialization of Untrusted Data in SE SAP Netweaver

CWE-502Deserialization of Untrusted Data4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
0.1%
top 65.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver
Timeline
PublishedSep 9

Description

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages1 packages

CVEListV5sap_se/sap_netweaverSERVERCORE 7.50

🔴Vulnerability Details

2
CVEList
Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)2025-09-09
GHSA
GHSA-f3f2-7mpx-vwjh: Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting2025-09-09
CVE-2025-42944 — Deserialization of Untrusted Data | cvebase