Cyber Web Spider Blog – News

SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM

Posted on October 14, 2025 By CWS

Enterprise software maker SAP on Tuesday announced the release of 16 new and updated patch notes as part of its monthly rollout, including three fresh notes that address critical-severity vulnerabilities.

One of the patches released on October 2025 Security Patch Day once again resolves CVE-2025-42944 (CVSS score of 10/10), described as an insecure deserialization flaw in NetWeaver AS Java.

According to enterprise software security firm Onapsis, the security note adds fresh protections against insecure deserialization flaws resolved in NetWeaver over the past months, including CVE-2025-42944, which was initially patched in September 2025.

In fact, SAP also updated the September 2025 security note dealing with CVE-2025-42944, to add a reference to the newly released hardening recommendations.

“The additional layer of protection is based on implementing a JVM-wide filter (jdk.serialFilter) that prevents dedicated classes from being deserialized,” says Onapsis.
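How a JVM-wide `jdk.serialFilter` behaves, shown as an added example that is not SAP's or Onapsis's code: the page does not list the classes SAP's note blocks, so `Blocked` and `Allowed` are hypothetical stand-ins and the pattern and limits are illustrative. The filter is installed programmatically here; the same pattern string can be passed as `-Djdk.serialFilter=...`.

```java
import java.io.*;

public class SerialFilterDemo {
    // Hypothetical stand-ins: one class the filter should block, one it should not.
    static class Blocked implements Serializable { private static final long serialVersionUID = 1L; }
    static class Allowed implements Serializable { private static final long serialVersionUID = 1L; }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Deserialize and report whether the JVM-wide filter let the stream through.
    static String tryRead(byte[] data) {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return "accepted " + in.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            // Thrown when the filter returns REJECTED for a class or a limit.
            return "rejected (" + e.getMessage() + ")";
        } catch (IOException | ClassNotFoundException e) {
            return "error: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        // Same pattern syntax as -Djdk.serialFilter=<pattern> on the command line.
        // "!" rejects the named class; maxdepth/maxrefs bound the object graph.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "!SerialFilterDemo$Blocked;maxdepth=20;maxrefs=1000");
        // Process-wide: the default filter for ObjectInputStreams created afterwards.
        ObjectInputFilter.Config.setSerialFilter(filter);

        System.out.println("Allowed: " + tryRead(serialize(new Allowed())));
        System.out.println("Blocked: " + tryRead(serialize(new Blocked())));
    }
}
```

The rejection happens while the stream is being read, before any code in the blocked class runs, which is why a deny pattern of this kind works as a hardening layer on top of the patch itself.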

Another critical-severity issue resolved on Tuesday is CVE-2025-42937 (CVSS score of 9.8), a directory traversal bug in Print Service, which could allow unauthenticated attackers to overwrite system files.

SAP also rolled out patches for CVE-2025-42910 (CVSS score of 9.0), an unrestricted file upload defect in Supplier Relationship Management (SRM) that could allow authenticated attackers to upload arbitrary files, including executables containing malware.

This month, SAP published two security notes addressing high-severity vulnerabilities. The first resolves CVE-2025-5115, a denial-of-service (DoS) bug in Commerce Cloud, while the second fixes CVE-2025-48913, a security misconfiguration flaw in Data Hub Integration Suite.

The remaining 10 new and updated security notes resolve medium- and low-severity defects in NetWeaver, ABAP, Commerce Cloud, S/4HANA, Financial Service Claims Management, BusinessObjects, and Cloud Appliance.

After the scheduled monthly patch day, SAP updated its September 2025 advisory with one new and 7 updated security notes, including three dealing with critical-severity vulnerabilities.

SAP makes no mention of any of these issues being exploited in the wild, but users are advised to apply the patches and mitigations as soon as possible. Threat actors are known to have targeted SAP bugs in their attacks.

Related: New Exploit Poses Threat to SAP NetWeaver Instances

Related: Critical Vulnerability Patched in SAP NetWeaver

Related: Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data

Related: Juniper Networks Patches Critical Junos Space Vulnerabilities
