- SAP patched CVE-2025-42944, a critical flaw that allows unauthenticated operating system commands to be executed
- Two more serious vulnerabilities affect the SAP Print Service and Supplier Relationship Management modules
- Unpatched systems remain exposed; n-day bugs are widely exploited due to delayed patching
Software giant SAP has released additional security hardening for a maximum-severity vulnerability that grants threat actors arbitrary command execution on affected endpoints.
Earlier this week, the company published a new security advisory, detailing fixes for a total of 17 vulnerabilities (13 fixes and 4 updates), including a 10/10 “insecure deserialization in SAP NetWeaver AS Java” flaw. The flaw, tracked as CVE-2025-42944, allowed threat actors to exploit systems via the RMI-P4 module by sending malicious payloads to an open port.
“Deserialization of untrusted Java objects could lead to arbitrary execution of operating system commands, which represents a high impact on the confidentiality, integrity and availability of the application,” NVD explained. SAP patched it as part of its September 2025 Security Patch Day.
Abuse of n-days
The advisory details two additional critical flaws, a “directory traversal vulnerability” in SAP Print Service and an “unrestricted file upload vulnerability” in SAP Supplier Relationship Management.
The former is tracked as CVE-2025-42937 and has a severity score of 9.8/10, while the latter is tracked as CVE-2025-42910 and has a severity score of 9.0/10.
While none of these bugs were seen being abused by threat actors, SAP urges its users to apply patches and mitigations as soon as possible, to minimize any potential risks.
Exploits for zero-day vulnerabilities are arguably more successful than n-day exploits, but n-day vulnerabilities are abused much more frequently. This is because many organizations do not patch their systems in time, leaving exposed instances connected to the internet for months.
This, coupled with widely available proof-of-concept (PoC) exploits, often makes n-day flaws easy to exploit.
SAP is the world’s largest ERP vendor, with products used by more than 90% of the Forbes Global 2000, so cybercriminals will most likely be hunting for unpatched endpoints as a way into the IT networks of some of the world’s biggest brands.
Via Hacker News