CVE-2025-42944

CRITICAL

SAP NetWeaver - Deserialization

Title source: llm

Description

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.

Exploits (1)

nomisec SCANNER
by rxerium · poc
https://github.com/rxerium/CVE-2025-42944

References (4)

Scores

CVSS v3 10.0
EPSS 0.0010
EPSS Percentile 28.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-502
Status draft

Timeline

Published Sep 09, 2025
Tracked Since Feb 18, 2026