- SAP patched CVE-2025-42944, a critical flaw that allows unauthorized OS command execution
- Two more serious vulnerabilities affect the SAP Print Service and Supplier Relationship Management modules
- Unpatched systems remain exposed; n-day flaws are widely exploited due to delayed patching
The software giant SAP has released additional security hardening for a maximum-severity vulnerability that lets threat actors execute arbitrary commands on compromised endpoints.
Earlier this week, the company released a new security advisory detailing fixes for a total of 17 vulnerabilities (13 corrections and 4 updates), including a 10/10 “Insecure Deserialization in SAP NetWeaver AS Java” flaw. Tracked as CVE-2025-42944, the flaw allowed threat actors to exploit systems through the RMI-P4 module by submitting a malicious payload to an open port.
“The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, which poses a high impact to the application's confidentiality, integrity and availability,” NVD explained. SAP patched it as part of its September 2025 Security Patch Day.
Abusing n-days
The advisory describes two additional critical-severity flaws: a “Directory Traversal vulnerability” in SAP Print Service and an “Unrestricted File Upload vulnerability” in SAP Supplier Relationship Management.
The former is tracked as CVE-2025-42937 and has a severity of 9.8/10, while the latter is tracked as CVE-2025-42910 and has a severity of 9.0/10.
While none of these bugs have been seen abused in the wild by threat actors, SAP urges its users to apply the patches and mitigations as soon as possible to minimize any risks.
Exploitation of zero-day flaws is undoubtedly more successful compared to n-days, but n-day vulnerabilities are abused much more frequently. This is because many organizations do not patch their systems on time, leaving exposed instances connected to the wider internet for months.
This, paired with widely available proof-of-concept (PoC) exploits, often makes n-day flaws low-hanging fruit that is easy to exploit.
SAP is the world’s largest ERP vendor, with products used by more than 90% of the Forbes Global 2000 list, so cybercriminals are likely to scan for endpoints that have not applied the patches, looking for a way into the IT networks of some of the world’s most important brands.
Via The Hacker News



