SAP launched its October 2025 Safety Patch Day fixes, addressing 13 new vulnerabilities and updating 4 prior notes, with a number of important flaws in NetWeaver enabling attackers to sidestep authorization and run arbitrary working system instructions on affected techniques.
Among the many most alarming is CVE-2025-42944, an insecure deserialization challenge in SAP NetWeaver AS Java’s RMI-P4 module, rated at an ideal CVSS rating of 10.0 for its potential to grant unauthenticated distant attackers full management with none login credentials.
This vulnerability, first patched in September however now bolstered with additional safeguards, underscores the continued dangers to SAP environments that energy world enterprise operations, doubtlessly resulting in information breaches, ransomware deployment, or full system takeovers.
Crucial Deserialization Flaw Permits Distant Takeover
The core risk stems from how SAP NetWeaver handles serialized Java objects over its proprietary RMI-P4 protocol, sometimes uncovered on ports like 50004 or 50014, the place inadequate validation permits malicious payloads to be deserialized and executed instantly on the server.
Attackers can craft these payloads remotely over the community, bypassing all authentication checks and triggering arbitrary OS command execution with the privileges of the NetWeaver course of, which regularly runs with elevated entry in enterprise setups.
Onapsis Analysis Labs collaborated with SAP to establish this threat, noting that exploitation requires no consumer interplay and will compromise confidentiality, integrity, and availability throughout linked SAP landscapes.
Affected variations embrace SERVERCORE 7.50, and whereas no public proofs-of-concept exist but, the flaw’s simplicity makes it a chief goal for risk actors scanning for unpatched techniques.
SAP’s October replace to notes 3660659 and 3634501 introduces a JVM-wide filter (jdk.serialFilter) to dam harmful class deserialization, dividing protections into necessary and elective lists developed with safety specialists to stop gadget chains that result in code execution.
Nonetheless, complementary points amplify the hazard, corresponding to CVE-2025-31331, an authorization bypass in older NetWeaver variations (SAP_ABA 700 to 75I), permitting low-privileged customers to entry restricted features and doubtlessly escalate to command injection.
One other replace to notice 3441087 covers lacking checks in SAP S/4HANA’s buy contract administration, whereas CVE-2025-42901 permits code injection through the BAPI Browser in ABAP servers, letting authenticated customers alter code flows and expose delicate information [query].
These flaws, with CVSS scores from 4.3 to five.4, spotlight persistent gaps in entry controls that would chain with deserialization exploits for deeper intrusions.
Past NetWeaver, the patch day tackles associated high-severity points like CVE-2025-42937, a 9.8-rated listing traversal in SAP Print Service variations 8.00 and eight.10, enabling unauthenticated file overwrites, and CVE-2025-42910, a file add vulnerability in Provider Relationship Administration that escalates to system compromise.
CVE IDNote IDProductAffected VersionsSeverityCVSS ScoreDescriptionCVE-2025-429443660659, 3634501 (replace)SAP NetWeaver AS Java (RMI-P4)SERVERCORE 7.50Critical10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)Insecure deserialization permitting unauthenticated distant code execution through malicious payloads on open ports.CVE-2025-429373630595SAP Print ServiceSAPSPRINT 8.00, 8.10Critical9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Listing traversal on account of inadequate path validation, enabling unauthenticated file overwrites .CVE-2025-429103647332SAP Provider Relationship ManagementSRMNXP01 100, 150Critical9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)Unrestricted file add permitting authenticated customers with consumer interplay to attain system compromise .CVE-2025-51153664466SAP Commerce Cloud (Search and Navigation)HY_COM 2205, COM_CLOUD 2211, 2211-JDK21High7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Denial of service through useful resource exhaustion in search performance.CVE-2025-489133658838SAP Knowledge Hub Integration SuiteCX_DATAHUB_INT_PACK 2205High7.1 (AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)Safety misconfiguration exposing delicate information over adjoining networks with consumer interplay .CVE-2025-00593503138 (replace)SAP NetWeaver Utility Server ABAP (SAP GUI for HTML)KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12, 9.14Medium6.0 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)Data disclosure of client-side enter historical past to high-privilege native attackers.CVE-2025-429013652788SAP Utility Server for ABAP (BAPI Browser)SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 816Medium5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)Code injection permitting low-privileged customers to change code execution flows.CVE-2025-429083642021SAP NetWeaver Utility Server for ABAPKRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16Medium5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)Cross-site request forgery through inconsistent session dealing with, bypassing first-screen checks .CVE-2025-429843441087 (replace)SAP S/4HANA (Handle Central Buy Contract)S4CORE 106, 107, 108Medium5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)Lacking authorization checks permitting low-privileged entry to delicate procurement features.CVE-2025-429063634724SAP Commerce CloudCOM_CLOUD 2211Medium5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)Listing traversal exposing restricted file reads with out authentication.CVE-2025-429023627308SAP NetWeaver AS ABAP and ABAP PlatformKRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53; KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15, 9.16Medium5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)Reminiscence corruption in ticket verification resulting in unauthenticated denial of service.CVE-2025-429393625683SAP S/4HANA (Handle Processing Guidelines for Financial institution Statements)S4CORE 104, 105, 106, 107, 108, 109Medium4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)Lacking authorization permitting low-privileged customers to govern financial institution assertion guidelines .CVE-2025-313313577131 (replace)SAP NetWeaverSAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, 75IMedium4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)Authorization bypass enabling low-privileged entry to restricted NetWeaver features.CVE-2025-429033656781SAP Monetary Service Claims ManagementINSURANCE 803, 804, 805, 806; S4CEXT 107, 108, 109Medium4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)Consumer enumeration and delicate information publicity through RFC features .CVE-2025-316723617142SAP BusinessObjects (Net Intelligence and Platform Search)ENTERPRISE 430, 2025, 2027Low3.5 (AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)Consumer enumeration and delicate information publicity through RFC features.CVE-2025-429093643871SAP Cloud Equipment Library AppliancesTITANIUM_WEBAPP 4.0Low3.0 (AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N)Deserialization flaw permitting low-privileged customers with interplay to trigger integrity points.
Safety corporations urge instant patching, emphasizing multi-layered defenses given the rising exploits in SAP ecosystems, as seen in current zero-days.
SAP advises prospects to prioritize these updates through the Help Portal to safeguard in opposition to evolving threats in mission-critical functions.
Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.
