CVE-2025-42944
published 2025-09-09CVE-2025-42944: Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious…
PriorityP277critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
2.88%
85.1th percentile
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap_se | sap_netweaver | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated inbound connections to the SAP NetWeaver RMI-P4 port carrying serialized Java object payloads, which may indicate exploitation of CVE-2025-42944. ↗
- →Alert on unexpected OS command execution spawned from SAP NetWeaver Java Application Server processes, as successful exploitation results in arbitrary OS command execution. ↗
- ·The RMI-P4 port should not be exposed to untrusted networks; restrict access at the network perimeter to reduce the unauthenticated attack surface. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor
blogs_bleepingcomputer·2025-11-11·CVSS 9.9
CVE-2025-42890 [CRITICAL] SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor
## SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor
## Bill Toulas
SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform.
The security problem in SQL Anywhere Monitor is tracked as CVE-2025-42890 and consists of hardcoded credentials. Because of the elevated risk, the vulnerability received the maximum severity score of 10.0.
"SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution," reads the description for the flaw.
Depending on how they ar
Bleepingcomputer
SAP fixes maximum severity NetWeaver command execution flaw
blogs_bleepingcomputer·2025-09-09·CVSS 9.9
[CRITICAL] SAP fixes maximum severity NetWeaver command execution flaw
## SAP fixes maximum severity NetWeaver command execution flaw
## Bill Toulas
SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution.
SAP NetWeaver is the foundation for SAP's business apps like ERP, CRM, SRM, and SCM, and acts as a modular middleware that is broadly deployed in large enterprise networks.
In its security bulletin for September, the provider of enterprise resource planning (ERP) software lists a vulnerability with a maximum severity score of 10 out of 10 that is identified as CVE-2025-42944 .
The security issue is an insecure deserialization vulnerability in SAP NetWeaver (RMIP4), ServerCore 7.50.
An unauthenticated attacker could exploit it to achieve arbitrary OS command exe
Wiz
CVE-2026-23686 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2026-23686 [CRITICAL] CVE-2026-23686 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23686 :
SAP NetWeaver Application Server Java vulnerability analysis and mitigation
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated configuration, allowing manipulation of application-controlled settings. Successful exploitation leads to a low impact on integrity, while confidentiality and availability remain unaffected.
Source : NVD
## 3.4
Score
Published February 10, 2026
Severity LOW
CNA Score 3.4
Affected Technologies
SAP NetWeaver Application Server Java
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Da
2025-09-09
Published