SAP Patches 21 Vulnerabilities, Including Three Critical Flaws in NetWeaver

The September fixes include a maximum-severity bug that could let attackers execute arbitrary commands via exposed SAP NetWeaver components.

CSBadmin

SAP has released security patches addressing 21 vulnerabilities across its product suite, including three critical flaws in SAP NetWeaver, the foundational middleware for ERP, CRM, SRM, and SCM systems widely used in global enterprises. Given the central role of NetWeaver in business-critical workflows, exploitation risks are particularly high if systems remain unpatched.

The most severe issue, tracked as CVE-2025-42944, carries the maximum CVSS score of 10.0. It is an insecure deserialization vulnerability in SAP NetWeaver (RMIP4), ServerCore 7.50. An unauthenticated attacker could exploit the flaw by sending a malicious Java object to an open Remote Method Invocation (RMI-P4) port, enabling arbitrary operating system command execution. Misconfigured firewalls or exposed ports heighten the risk of exploitation.

The second critical flaw, CVE-2025-42922 (CVSS 9.9), affects NetWeaver AS Java (Deploy Web Service), J2EE-APPS 7.50. It allows authenticated but non-administrative users to upload arbitrary files through the deployment function, potentially leading to full system compromise.

The third, CVE-2025-42958 (CVSS 9.1), stems from a missing authentication check in NetWeaver. Attackers with elevated but unauthorized access could exploit it to read, modify, or delete sensitive data, as well as gain administrative functionality. Together, these three flaws represent high-value entry points for threat actors targeting SAP environments.

In addition, SAP addressed multiple high-severity vulnerabilities, including CVE-2025-42933 (SAP Business One SLD) for insecure credential storage, CVE-2025-42929 (SLT Replication Server) for missing input validation that could corrupt replicated data, and CVE-2025-42916 (S/4HANA) that risks unauthorized data manipulation through input validation gaps.

The urgency of patching is heightened by recent reports of active exploitation of CVE-2025-42957, a critical code injection flaw affecting S/4HANA, Business One, and NetWeaver. This demonstrates that SAP vulnerabilities are quickly weaponized by attackers seeking access to mission-critical enterprise systems.

Administrators are strongly advised to prioritize the application of SAP’s September patches, particularly the three critical NetWeaver vulnerabilities. Following SAP’s official patching guidance, restricting exposure of RMI-P4 ports, and enforcing strict input validation controls are essential to protecting enterprise systems from compromise. In high-value environments, layered defenses such as segmentation, monitoring, and access control can further reduce the risk of exploitation.

CSBadmin

The latest in cybersecurity news and updates.

Sources: support.sap.com