As hackers exploit one high-severity SAP flaw, company warns of 3 more
16 hours ago
- SAP warns users of over two dozen newly detected vulnerabilities in its products, including a maximum-severity flaw (10/10) in NetWeaver.
- The critical NetWeaver vulnerability (CVE-2025-42944) allows unauthenticated attackers to execute commands via malicious payloads on an open port.
- The flaw is a deserialization vulnerability. Deserialization reverses the serialization process used to store or transmit data.
- Three other high-severity NetWeaver vulnerabilities were disclosed, with ratings of 9.9, 9.6, and 9.1.
- A separate high-severity SAP S/4HANA vulnerability (CVE-2025-42957, 9.9), patched last month, is under active exploitation.