SAP has released security patches addressing multiple critical vulnerabilities in SAP NetWeaver and SAP S/4HANA that could lead to remote code execution, file uploads, and unauthorized access. Users should promptly apply these updates to mitigate potential exploitation risks, especially given recent active threats in the wild. #SAPNetWeaver #S4HANA #CVE202542944 #CVE202542922
Keypoints
- SAP has issued security updates for multiple critical vulnerabilities in SAP NetWeaver and S/4HANA.
- The vulnerabilities include deserialization issues, insecure file operations, and missing authentication checks.
- A CVE-2025-42944 vulnerability allows unauthenticated remote command execution through the RMI-P4 module.
- Patch implementation is highly recommended due to active exploitation of similar vulnerabilities in the wild.
- Temporary workarounds include port filtering and timely application of patches to prevent compromise.
Read More: https://thehackernews.com/2025/09/sap-patches-critical-netweaver-cvss-up.html