SAP fixes maximum severity NetWeaver command execution flaw

SAP has released security updates fixing 21 vulnerabilities across its products, including three critical flaws affecting NetWeaver. These vulnerabilities pose significant risks such as remote code execution and unauthorized data access, emphasizing the need for timely patching.

Key points

  • SAP addressed 21 new vulnerabilities, including three with critical severity ratings.
  • The most severe vulnerability, CVE-2025-42944, allows remote OS command execution via insecure deserialization in SAP NetWeaver.
  • Another critical flaw, CVE-2025-42922, enables file upload attacks that could compromise entire systems.
  • A missing authentication flaw, CVE-2025-42958, allows unauthorized users to access sensitive data and admin functions.

Read More: https://www.bleepingcomputer.com/news/security/sap-fixes-maximum-severity-netweaver-command-execution-flaw/