cbcvebase.
CVE-2025-42944
published 2025-09-09

CVE-2025-42944: Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious…

PriorityP277critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
2.88%
85.1th percentile
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.

Affected

1 ranges
VendorProductVersion rangeFixed in
sap_sesap_netweaver

Detection & IOCsextracted from sources · hover to see the quote

portRMI-P4 open port
  • Monitor for unauthenticated inbound connections to the SAP NetWeaver RMI-P4 port carrying serialized Java object payloads, which may indicate exploitation of CVE-2025-42944.
  • Alert on unexpected OS command execution spawned from SAP NetWeaver Java Application Server processes, as successful exploitation results in arbitrary OS command execution.
  • ·The RMI-P4 port should not be exposed to untrusted networks; restrict access at the network perimeter to reduce the unauthenticated attack surface.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.