Digital Event Horizon
SAP has issued a warning about multiple high-severity vulnerabilities in its NetWeaver and S/4HANA products, which pose a significant threat to the security and integrity of SAP systems. Users should patch these vulnerabilities immediately to mitigate potential risks.
Key points: SAP has issued a warning about multiple high-severity vulnerabilities in its products, including NetWeaver and S/4HANA. The highest-severity flaw (CVE-2025-42944) is an insecure deserialization vulnerability in NetWeaver that lets unauthenticated attackers execute commands by submitting malicious payloads to an open port. A separate high-severity vulnerability in S/4HANA (CVE-2025-42957) is under active exploitation and allows attackers with minimal system rights to mount a complete system compromise. SAP recommends applying the patches immediately to reduce the risk of severe compromise.
SAP has issued a warning to its users regarding multiple high-severity vulnerabilities in its widely used products, including NetWeaver and S/4HANA. According to the software maker, these vulnerabilities pose a significant threat to the security and integrity of SAP systems.
The highest-severity vulnerability, tracked as CVE-2025-42944, is located in NetWeaver, the platform that serves as the technical foundation for many of SAP's other enterprise applications. It allows unauthenticated attackers to execute commands by submitting malicious payloads to an open port. The maximum-severity threat stems from an insecure deserialization bug. Serialization translates data structures and object states into a format that can be stored or transmitted; deserialization is the reverse step that reconstructs the objects from that format. When a network-facing service deserializes data it receives without validating it, an attacker who controls the bytes also controls which classes are instantiated and which code runs during reconstruction, which is how a crafted payload sent to a listening port turns into command execution.
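The pattern described above, as an added example that is not code from SAP, Ars Technica or this page's author: Python's pickle module stands in for whatever serialization format the NetWeaver service uses (an assumption made for illustration; nothing here is SAP code), and the attacker's "command" is an eval of a harmless expression rather than a real shell call. The block shows the vulnerable handler, a hardened handler that allowlists the globals a deserializer may resolve, and a detection-side scanner that lists the globals a payload references without executing it. The sample payloads are constructed inline.

```python
"""Insecure deserialization, vulnerable vs. hardened, using Python's pickle
as a stand-in for the service's real wire format (assumption for the demo)."""
import datetime
import io
import pickle
import pickletools

# --- attacker side -------------------------------------------------------
class MaliciousPayload:
    """Object whose __reduce__ instructs the unpickler to call builtins.eval
    on attacker-chosen code while 'reconstructing' the object. A real exploit
    would name os.system or similar here; eval of a harmless expression is
    used so the demo has no side effects."""
    def __reduce__(self):
        return (eval, ("__import__('os').path.basename('/srv/pwned')",))

def craft_payload() -> bytes:
    # Constructed sample of the bytes an attacker would send to the open port.
    return pickle.dumps(MaliciousPayload())

def benign_payload() -> bytes:
    # Constructed sample of what the service legitimately expects to receive.
    return pickle.dumps({"user": "alice", "since": datetime.date(2025, 9, 9)})

# --- vulnerable server side ----------------------------------------------
def vulnerable_handler(wire_bytes: bytes):
    """Deserialize whatever arrived. pickle.loads resolves and calls any
    global the payload names, so the attacker's code runs before any
    application-level validation can happen."""
    return pickle.loads(wire_bytes)

# --- hardened server side ------------------------------------------------
ALLOWED_GLOBALS = {("datetime", "date")}   # the only class this service needs

class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global not on an explicit allowlist. find_class is the
    hook pickle calls to resolve 'module.name' references, so refusing here
    stops the callable from ever being looked up, let alone invoked."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")

def hardened_handler(wire_bytes: bytes):
    """('ok', obj) for allowlisted data, ('blocked', reason) otherwise."""
    try:
        return ("ok", RestrictedUnpickler(io.BytesIO(wire_bytes)).load())
    except pickle.UnpicklingError as exc:
        return ("blocked", str(exc))

# --- detection side: inspect without executing ----------------------------
def scan_globals(wire_bytes: bytes):
    """List the (module, name) references a pickle would resolve, by walking
    its opcodes with pickletools instead of loading it. Suitable for logging
    or alerting on payloads seen at the network edge."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(wire_bytes):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))       # protocol <= 3 form
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))      # protocol >= 4 form
        elif isinstance(arg, str):
            strings.append(arg)
    return found

if __name__ == "__main__":
    evil, good = craft_payload(), benign_payload()
    print("scan:", scan_globals(evil))                  # [('builtins', 'eval')]
    print("vulnerable:", vulnerable_handler(evil))      # 'pwned': attacker code ran
    print("hardened:", hardened_handler(evil))          # ('blocked', 'refused global builtins.eval')
    print("hardened, benign:", hardened_handler(good))  # ('ok', {...})
```

The allowlist is the important design choice: a denylist of "known dangerous" globals is bypassable, whereas an allowlist fails closed for anything the service did not anticipate. The scanner is a triage aid, not a substitute for the allowlist, because a payload can still be harmful through the allowed classes' own constructors.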
SAP's warning came five days after security firm SecurityBridge reported that a separate high-severity vulnerability in SAP S/4HANA, tracked as CVE-2025-42957, was being exploited in the wild. According to SecurityBridge, an attacker who already holds a low-privileged account on the system can use the flaw to mount "a complete system compromise with minimal effort required."
SAP warned that this flaw effectively operates as a backdoor: once exploited, it gives unauthorized access to the SAP system and puts confidentiality, integrity, and availability at risk. The software maker advises customers to patch their systems immediately to reduce the risk of severe compromise.
The same release also fixes vulnerabilities in SAP Business One, SAP Landscape Transformation Replication Server, SAP Commerce Cloud, SAP Datahub, SAP Business Planning and Consolidation, SAP HCM, SAP BusinessObjects Business Intelligence Platform, SAP Supplier Relationship Management, and SAP Fiori. The CVSS severity scores of those additional vulnerabilities range from 3.1 to 8.8.
Dan Goodin, Senior Security Editor at Ars Technica, notes that all of the vulnerabilities mentioned should be patched as soon as possible.
In conclusion, SAP's recent warning highlights the importance of vigilance in addressing high-severity vulnerabilities in widely used software products. Users of these products must take immediate action to patch their systems and protect against potential attacks.
Related Information:
https://www.digitaleventhorizon.com/articles/SAP-Warns-of-High-Severity-Vulnerabilities-in-Multiple-Products-deh.shtml
https://arstechnica.com/security/2025/09/as-hackers-exploit-one-high-severity-sap-flaw-company-warns-of-3-more/
Published: Tue Sep 9 16:51:48 2025 by llama3.2 3B Q4_K_M