Red Hot Cyber, The cybersecurity news

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Spanish Italian
Search
Red Hot Cyber Academy

10 out of 10! SAP releases security patches for critical vulnerabilities in NetWeaver.

Redazione RHC : 10 September 2025 10:13

SAP released security updates Tuesday aimed at addressing various vulnerabilities. Among these vulnerabilities, three particularly critical ones exist within the SAP Netweaver environment.

These security vulnerabilities could allow the attacker to execute code of their choosing, as well as upload specific files without any particular constraints.

This comes after a critical security flaw in SAP S/4HANA, recently patched by the company (CVE-2025-42957, with a CVSS score of 9.9), was actively exploited; This news comes shortly after Pathlock and SecurityBridge raised awareness of the issue, with patches being released only a few days later.

An additional highly critical vulnerability has been fixed by SAP within the SAP S/4HANA platform (assigned CVE-2025-42916, with a CVSS score of 8.1), which could have been exploited by an attacker with elevated ABAP reporting permissions to delete data in database tables of their choice, provided they were not covered by a dedicated permission group.

The vulnerabilities are listed below:

  • CVE-2025-42944 (CVSS score: 10.0) – A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to send a malicious payload to an open port via the RMI-P4 module, resulting in the execution of operating system commands.
  • CVE-2025-42922 (CVSS score: 9.9) – An insecure file operations vulnerability in SAP NetWeaver AS Java that could allow an authenticated attacker as a non-administrator to upload an arbitrary file.
  • CVE-2025-42958 (CVSS score: 9.1) – A missing authentication check vulnerability in the SAP NetWeaver application on IBM i-series that could allow unauthorized users with elevated privileges to read, modify, or delete sensitive information, as well as access administrative or privileged functionality.

CVE-2025-42944 allows an unauthenticated attacker to execute arbitrary operating system commands by sending a malicious payload to an open port,” Onapsis said. “A successful exploit can lead to complete application compromise. As a temporary workaround, customers should add P4 port filtering at the ICM level to prevent unknown hosts from connecting to the P4 port.”

To ensure maximum defense, it is crucial that users install the required updates as quickly as possible, SAP emphasizes, despite there being no evidence that the recently disclosed exploits were actually used for malicious purposes.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli