SAP Warns of High-Severity Vulnerabilities in Multiple Products
In a security alert issued on Tuesday, SAP warned users of over two dozen newly detected vulnerabilities in its widely used products, including a high-severity threat carrying the maximum rating of 10 out of 10. That vulnerability, tracked as CVE-2025-42944, affects NetWeaver, the platform that serves as the technical foundation for many of SAP's enterprise applications.
According to SAP, the vulnerability allows unauthenticated attackers to execute commands by submitting malicious payloads to an open port. The root cause is a deserialization flaw: data is reconstructed from a previously serialized format without proper validation, so an attacker who controls the serialized input also controls what gets reconstructed. "Deserialization vulnerabilities are particularly concerning because they can be exploited remotely and with high severity," said Dr. Stefan Ried, SAP's Chief Security Officer.
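The article does not say which runtime NetWeaver uses for the affected port, so the following added example (not SAP's code) illustrates the general pattern with Python's pickle: the unvalidated loader on the left of the contrast resolves any global the sender names, while the hardened loader validates each referenced class against an allowlist before resolving it. The allowlist contents and the sample payloads are constructed for the demonstration.

```python
import io
import json
import pickle
from collections import OrderedDict

# Hypothetical allowlist: the only non-primitive globals this service expects
# to appear in a serialized message. Anything else is rejected before it is
# resolved, which is the "validation" step the article describes as missing.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve globals outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def unsafe_loads(data: bytes):
    """The vulnerable pattern: reconstruct whatever the sender encoded."""
    return pickle.loads(data)


def safe_loads(data: bytes):
    """The hardened pattern: same format, but every global is validated."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify(data: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for an inbound payload."""
    try:
        safe_loads(data)
        return "accepted"
    except pickle.UnpicklingError as exc:
        return f"rejected: {exc}"


# Constructed sample payloads (not captured from any real system).
BENIGN = pickle.dumps(OrderedDict(order=42, items=["a", "b"]))
# Names a global the service never expects; the naive loader resolves it anyway.
UNEXPECTED = pickle.dumps(json.dumps)

if __name__ == "__main__":
    print(classify(BENIGN))          # accepted
    print(classify(UNEXPECTED))      # rejected: blocked global json.dumps
    print(unsafe_loads(UNEXPECTED))  # a live function object, no check at all
```

Logging the rejection reason gives defenders a detection signal: a stream of blocked-global errors on a deserialization endpoint is exactly the kind of probing this class of flaw invites.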
The company revealed three other high-severity NetWeaver vulnerabilities in Tuesday's disclosure, including one that could allow attackers to bypass authentication mechanisms. SAP also identified vulnerabilities in its ERP (Enterprise Resource Planning) software product, which is used by thousands of organizations worldwide.
SAP's warning comes as hackers have been exploiting a similar vulnerability in the company's flagship ERP software product. "We urge all users to take immediate action and apply the necessary patches to prevent potential attacks," said Ried.
The vulnerabilities were discovered through SAP's regular security testing and monitoring processes. The company has released patches for affected products, which can be downloaded from its website. Users are advised to install these patches as soon as possible to minimize the risk of exploitation.
SAP's Chief Security Officer emphasized the importance of prioritizing security in today's digital landscape. "As technology continues to evolve, so do the threats we face," said Ried. "It is essential that organizations remain vigilant and take proactive measures to protect themselves against potential attacks."
The discovery of these vulnerabilities serves as a reminder for organizations to regularly review their security posture and implement robust measures to prevent cyberattacks. As Dr. Ried noted, "Security is an ongoing process, and it requires continuous effort and attention from all stakeholders."
*Reporting by Arstechnica.*