- SAP fixed CVE-2025-42944, a critical flaw allowing execution of unauthenticated operating system commands
- Two more serious vulnerabilities affect the SAP Print Service and Supplier Relationship Management modules
- Unpatched systems remain exposed; n-day vulnerabilities are widely exploited due to delay in patching
Software giant SAP has released an additional security hardening for a maximum severity vulnerability that grants malicious actors arbitrary command execution capabilities on compromised endpoints.
Earlier this week, the company released a new security advisory detailing fixes for a total of 17 vulnerabilities (13 new fixes and 4 updates), including a 10/10 flaw described as “unsafe deserialization in SAP NetWeaver AS Java.” Tracked as CVE-2025-42944, the flaw allowed malicious actors to exploit systems via the RMI-P4 module by submitting malicious payloads to an open port.
“Deserialization of these untrusted Java objects could lead to arbitrary execution of operating system commands, which would have a significant impact on the confidentiality, integrity and availability of the application,” NVD explained. SAP fixed it as part of its September 2025 Security Patch Day.
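The root cause the advisory names, deserialization of untrusted Java objects, is mitigated in standard Java by a serialization filter that rejects any class not explicitly expected. The following is an added example, not SAP's code and not the content of the NetWeaver patch: it contrasts an unfiltered ObjectInputStream with one guarded by an allowlist built with java.io.ObjectInputFilter (available since Java 9). The class names, the sample payloads and the allowlist contents are constructed for illustration; a real service would list only the types its protocol actually exchanges.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

public class SafeDeserializationDemo {

    // Allowlist filter: only the named classes may be deserialized, with depth and
    // array-size limits; the trailing "!*" rejects everything else (constructed example).
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "java.lang.String;java.lang.Integer;java.util.ArrayList;maxdepth=5;maxarray=1000;!*");

    // Weak pattern: untrusted bytes are deserialized with no filter, so any serializable
    // class on the classpath can be instantiated and its readObject hook executed.
    static Object deserializeUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: the same stream, but the allowlist filter is consulted for every
    // class in the stream before it is resolved, so unexpected classes never get instantiated.
    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOWLIST);
            return in.readObject(); // throws InvalidClassException when the filter rejects
        }
    }

    // Helper used only to build constructed sample payloads for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed benign payload: the kind of object the service expects.
        List<String> expected = new ArrayList<>();
        expected.add("hello");
        byte[] benign = serialize(expected);
        System.out.println("filtered, expected type: " + deserializeFiltered(benign));

        // Constructed unexpected payload: a harmless HashMap standing in for any class
        // the service never asked for. The unfiltered path accepts it without question.
        byte[] unexpected = serialize(new HashMap<String, String>());
        System.out.println("unfiltered, unexpected type: " + deserializeUnfiltered(unexpected));

        // The filtered path rejects it before any of its code runs.
        try {
            deserializeFiltered(unexpected);
            System.out.println("filtered, unexpected type: accepted (should not happen)");
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected type: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run with `javac SafeDeserializationDemo.java && java SafeDeserializationDemo`. The design point is that the filter decides on class names and stream limits before resolution, which is why it stops gadget chains regardless of which library the chain comes from; the same policy can be applied process-wide through the `jdk.serialFilter` system property instead of per stream, which is useful when the stream is opened by framework code you do not control.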
Abusing n-days
The advisory details two other critical severity vulnerabilities, a “directory traversal vulnerability” in SAP Print Service and an “unrestricted file upload vulnerability” in SAP Supplier Relationship Management.
The first is tracked as CVE-2025-42937 and has a severity score of 9.8/10, while the second is tracked as CVE-2025-42910 and has a severity score of 9.0/10.
Although none of these bugs have been exploited by malicious actors, SAP urges its users to apply the patches and mitigations as soon as possible, to minimize potential risks.
Exploits for zero-day vulnerabilities are arguably more effective than n-day exploits, but n-day vulnerabilities are exploited much more frequently. This is because many organizations fail to update their systems on time, leaving exposed instances connected to the wider Internet for months.
This, coupled with widely available proof-of-concept (PoC) exploits, often makes n-day vulnerabilities low-hanging fruit.
SAP is the world’s largest ERP vendor, with products used by more than 90% of the Forbes Global 2000 list, so cybercriminals will most likely be scanning for endpoints that haven’t applied the patch, hoping to gain access to the computer networks of some of the world’s most valuable brands.
Via Hacker news