
Pakistan’s National Computer Emergency Response Team (National CERT) has issued a red alert after discovering multiple zero-day vulnerabilities in SAP NetWeaver that could allow unauthenticated remote code execution, malware deployment, and full system compromise of enterprise servers.
SAP NetWeaver is widely used in banking, telecom, government, and manufacturing systems. Security experts warn that the newly discovered flaws pose a global enterprise risk, leaving organizations vulnerable to ransomware, large-scale data breaches, and theft of sensitive data if patches are delayed.
The most severe flaw, CVE-2025-42944, with a CVSS score of 10.0, affects the RMI-P4 module of SAP NetWeaver ServerCore 7.50. It enables remote attackers to run system commands without authentication. Two other flaws, CVE-2025-42922 (CVSS 9.9) and CVE-2025-42958 (CVSS 9.1), could allow insecure file uploads and authentication bypass.
National CERT cautioned: “These vulnerabilities pose a severe risk of complete enterprise system takeover. Organizations must patch immediately.”
Key Vulnerabilities & Risks
| CVE ID | Severity (CVSS) | Risk Description |
| --- | --- | --- |
| CVE-2025-42944 | 10.0 (Critical) | Remote code execution via RMI-P4 |
| CVE-2025-42922 | 9.9 (High) | Insecure file uploads, malware deployment |
| CVE-2025-42958 | 9.1 (High) | Authentication bypass, privilege escalation |
Immediate Actions Required
National CERT has urged organizations to:
- Apply SAP’s September 9, 2025 patches (Notes 3643501, 3643865, 3642961).
- Restrict access to RMI-P4 and Deploy Web Service modules.
- Enforce network segmentation and monitor for suspicious uploads or command executions.
Temporary mitigations include firewall restrictions, disabling unnecessary upload features, and tightening access controls. CERT also advised enterprises to review logs, rotate privileged credentials, validate backups, and scan for compromise.
With SAP systems forming the backbone of enterprise IT, National CERT warned that any delay in patching could expose organizations to devastating ransomware attacks, large-scale breaches, and system-wide takeovers.