The National Computer Emergency Response Team (National CERT) has issued an advisory alerting organizations to several critical vulnerabilities found in SAP NetWeaver, a widely used enterprise software platform.

These security flaws could allow attackers without authentication to execute remote code, perform unsafe file operations, and gain unauthorized access to sensitive business data.

Among the reported issues, the most severe vulnerability, CVE-2025-42944, carries a maximum CVSS score of 10.0. It enables attackers to remotely execute operating system commands through the RMI-P4 module without requiring any authentication.

According to the advisory, two other vulnerabilities, CVE-2025-42922 and CVE-2025-42958, have also been rated as critical, with CVSS scores of 9.9 and 9.1, respectively. These flaws could allow insecure file uploads and authentication bypasses, potentially leading to privilege escalation, malware installation, and data breaches. Because these vulnerabilities can be exploited remotely with low complexity and no user interaction, they pose a serious threat to organizations using unpatched NetWeaver systems. Successful attacks could result in full system takeovers, theft of business data, and disruption of key operations.

The advisory identifies the affected components as SAP NetWeaver ServerCore 7.50 (RMI-P4 module), J2EE-APPS 7.50 (Deploy Web Service module), and general authentication mechanisms across multiple NetWeaver platforms. The root causes include deserialization of untrusted data, unrestricted file uploads, and weak authentication controls. Exploitation requires only network access to exposed modules, with CVE-2025-42944 being especially dangerous since it does not need any credentials.

National CERT has urged all organizations to immediately apply SAP’s released patches. Security updates are available under SAP Notes 3643501, 3643865, and 3642961 as part of the September 2025 patch release. If patching cannot be done right away, CERT recommends restricting network access to vulnerable modules, limiting Deploy Web Service usage to trusted users, and enforcing strict file validation rules. The advisory also calls for enhanced logging, continuous monitoring, and network segmentation to detect and block potential exploitation attempts.

Furthermore, organizations are advised to watch for unusual system command executions, suspicious file uploads, and unauthorized login attempts linked to SAP NetWeaver servers. CERT has emphasized reviewing SAP logs for any signs of compromise and rotating privileged credentials if a breach is suspected. The agency stressed that timely patching and heightened vigilance are critical to preventing remote code execution, malware attacks, and large-scale system breaches.
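The monitoring guidance above (unusual OS command executions, suspicious uploads to the Deploy Web Service, and bursts of failed logins) can be turned into a small rule set. The following Python script is an added illustration, not code from the advisory or from SAP: it parses constructed audit lines in a hypothetical `key=value` format (real SAP NetWeaver log formats differ), and the allowlist of upload extensions, the failed-login threshold and the window size are assumptions to be tuned per environment.

```python
import os
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in a hypothetical key=value format (NOT a real SAP log format).
# RFC 5737 documentation addresses are used as source IPs.
SAMPLE_LOG = """\
2025-09-10T10:00:01Z src=198.51.100.7 user=devops module=DeployWS event=FILE_UPLOAD file=app.ear
2025-09-10T10:00:05Z src=203.0.113.5 user=- module=RMI-P4 event=OS_COMMAND_EXEC cmd="id"
2025-09-10T10:00:09Z src=203.0.113.5 user=- module=DeployWS event=FILE_UPLOAD file=../../page.jsp
2025-09-10T10:01:00Z src=203.0.113.9 user=admin module=Auth event=LOGIN_FAILED
2025-09-10T10:01:02Z src=203.0.113.9 user=admin module=Auth event=LOGIN_FAILED
2025-09-10T10:01:04Z src=203.0.113.9 user=admin module=Auth event=LOGIN_FAILED
2025-09-10T10:01:30Z src=198.51.100.7 user=devops module=Auth event=LOGIN_OK
"""

# Assumed policy values; adjust to what your deployment process legitimately produces.
ALLOWED_UPLOAD_EXT = {".ear", ".sda", ".sca"}
FAILED_LOGIN_THRESHOLD = 3
FAILED_LOGIN_WINDOW_SEC = 300

TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split '<timestamp> k=v k="v v" ...' into a dict; quoted values lose their quotes."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in TOKEN_RE.findall(rest)}
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def is_suspicious_upload(filename):
    """Flag path traversal, absolute paths, or extensions outside the deployment allowlist."""
    if ".." in filename or filename.startswith(("/", "\\")):
        return True
    return os.path.splitext(filename)[1].lower() not in ALLOWED_UPLOAD_EXT


def detect(log_text):
    """Return a list of alert dicts, in log order, for the three rule families."""
    alerts = []
    failed_by_src = defaultdict(list)  # src -> timestamps of recent LOGIN_FAILED events

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        event, src, user = ev.get("event"), ev.get("src"), ev.get("user")

        # Rule 1: OS command execution with no authenticated user, or via the RMI-P4 module.
        if event == "OS_COMMAND_EXEC" and (user == "-" or ev.get("module") == "RMI-P4"):
            alerts.append({"rule": "unauthenticated_os_command", "src": src, "cmd": ev.get("cmd")})

        # Rule 2: Deploy Web Service upload that violates the file validation policy.
        elif event == "FILE_UPLOAD" and is_suspicious_upload(ev.get("file", "")):
            alerts.append({"rule": "suspicious_upload", "src": src, "file": ev.get("file")})

        # Rule 3: burst of failed logins from one source inside the sliding window.
        elif event == "LOGIN_FAILED":
            window = failed_by_src[src]
            window.append(ev["ts"])
            window[:] = [t for t in window if (ev["ts"] - t).total_seconds() <= FAILED_LOGIN_WINDOW_SEC]
            if len(window) >= FAILED_LOGIN_THRESHOLD:
                alerts.append({"rule": "failed_login_burst", "src": src, "count": len(window)})
                window.clear()  # alert once per burst, then start counting again

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Each rule maps to one of the advisory's indicators; in practice the same logic would be fed from the platform's own audit trail and the alerts forwarded to a SIEM, with the source address and affected module as the pivot for the credential-rotation and isolation steps the advisory recommends.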

By admin