
SAP Issues Critical Security Alert for Multiple Products

Summary

SAP is warning users about over two dozen newly detected vulnerabilities in its widely used products, including one with a maximum-severity rating of 10.
– The highest-severity vulnerability, CVE-2025-42944, is in NetWeaver and allows unauthenticated attackers to execute commands via malicious payloads.
– This maximum-severity threat is a deserialization vulnerability, which involves reconstructing data structures from stored or transmitted formats.
– SAP also disclosed three other high-severity NetWeaver vulnerabilities with ratings of 9.9, 9.6, and 9.1.
– This disclosure follows reports that a separate high-severity SAP vulnerability, CVE-2025-42957 in S/4HANA, is already under active exploitation.

SAP has issued a critical security alert addressing multiple newly identified vulnerabilities across its product range, including one flaw with the highest possible severity score. This warning comes as threat actors actively exploit a separate high-severity vulnerability in the company’s widely deployed enterprise software, raising alarms for organizations relying on SAP systems.

The most severe issue, assigned a perfect 10.0 CVSS score, affects the NetWeaver platform, which underpins numerous SAP enterprise applications. Identified as CVE-2025-42944, this vulnerability allows unauthenticated attackers to run arbitrary commands by sending malicious data to an open network port. The root cause lies in a deserialization flaw, a type of coding weakness where improperly handled data can be manipulated to execute unintended actions during processing.
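As an added illustration of the weakness class described above (example code written for this page, not SAP's code, and it says nothing about how NetWeaver's own deserialization is implemented), Python's pickle shows why serialized input arriving from a network peer must be deserialized with an allow-list rather than handed to a general-purpose loader:

```python
import io
import os
import pickle


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any class or function reference.

    Plain data (dicts, lists, strings, numbers) never triggers find_class,
    so legitimate records still load; anything naming a callable is rejected.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name} from untrusted input")


def load_untrusted(data: bytes):
    """Deserialize sender-controlled bytes through the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class _SenderChosenCallable:
    # Constructed stand-in for hostile input: when unpickled, it makes the
    # receiver call os.getcwd. Harmless here; the point is that the sender,
    # not the application, chose which function runs during deserialization.
    def __reduce__(self):
        return (os.getcwd, ())


def demo():
    benign = pickle.dumps({"order_id": 42, "items": ["widget", "gadget"]})
    hostile = pickle.dumps(_SenderChosenCallable())

    # Unrestricted loading executes whatever callable the sender encoded and
    # returns its result (the current directory, in this constructed case).
    unrestricted_result = pickle.loads(hostile)

    # Restricted loading accepts the plain record and rejects the callable.
    safe_result = load_untrusted(benign)
    try:
        load_untrusted(hostile)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return unrestricted_result, safe_result, rejected
```

The same principle applies to Java's ObjectInputFilter or any framework-level deserialization hook: an allow-list of expected types turns an unauthenticated remote code path into a parse error.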

In the same advisory, SAP detailed three additional high-severity vulnerabilities within NetWeaver, with scores of 9.9, 9.6, and 9.1. These findings follow a recent alert from cybersecurity firm SecurityBridge, which reported active exploitation of another vulnerability, CVE-2025-42957, just five days earlier. That flaw, also rated 9.9 in severity, exists in the SAP S/4HANA enterprise resource planning suite, a system used by major organizations to manage essential operations like finance, accounting, and human resources.

(Source: Ars Technica)
