SAP Releases Critical Patches for NetWeaver (CVSS Scores Up to 10.0) and High-Risk S/4HANA Vulnerabilities

Date: September 10, 2025
Category: Software Security / Vulnerability

On Tuesday, SAP issued security updates to rectify numerous vulnerabilities, including three critical flaws in SAP NetWeaver that could lead to remote code execution and unauthorized file uploads. Details of the vulnerabilities are as follows:

  • CVE-2025-42944 (CVSS Score: 10.0) – A deserialization vulnerability in SAP NetWeaver that allows unauthenticated attackers to submit malicious payloads via the RMI-P4 module, potentially executing operating system commands.
  • CVE-2025-42922 (CVSS Score: 9.9) – An insecure file operations vulnerability in SAP NetWeaver AS Java enabling authenticated non-administrative users to upload arbitrary files.
  • CVE-2025-42958 (CVSS Score: 9.1) – A missing authentication check in the SAP NetWeaver application on IBM i-series, which could let unauthorized highly privileged users read, modify, or delete sensitive information, and access administrative functionalities.

SAP Addresses Critical Vulnerabilities in NetWeaver and High-Severity Flaws in S/4HANA

On September 10, 2025, SAP issued several security updates aimed at mitigating significant vulnerabilities in its software, particularly within SAP NetWeaver. Among the disclosed issues are three critical vulnerabilities categorized with a Common Vulnerability Scoring System (CVSS) score peaking at 10.0. These vulnerabilities have the potential to allow unauthorized code execution and arbitrary file uploads, making them particularly alarming for businesses relying on this software.

The first critical vulnerability, identified as CVE-2025-42944, pertains to a deserialization flaw within SAP NetWeaver. This vulnerability could potentially enable unauthenticated adversaries to exploit an open port in the RMI-P4 module by submitting a malicious payload, thereby executing operating system commands. Such a vulnerability exposes organizations to the risk of severe operational disruptions and data breaches.

The second vulnerability, CVE-2025-42922, relates to insecure file operations within SAP NetWeaver AS Java. Here, an attacker possessing non-administrative user credentials could upload arbitrary files. This oversight in file handling practices can lead to further system exploitation, allowing unauthorized actions within the environment.

Another critical concern is CVE-2025-42958, a missing authentication check vulnerability within the SAP NetWeaver application used on IBM i-series platforms. This flaw could empower highly privileged unauthorized users to read, modify, or delete sensitive information, as well as gain access to critical administrative functionalities. The ramifications of such vulnerabilities could be significant, potentially leading to data leaks and compliance violations.

The targeted software is widely utilized across various sectors and organizations, raising the stakes for businesses dependent on SAP products, particularly those within the United States. The implications of these vulnerabilities underscore the growing need for robust cybersecurity measures.

In analyzing the potential adversary tactics linked to these vulnerabilities, insights from the MITRE ATT&CK framework offer useful context. Techniques like initial access could relate to the exploitation of the deserialization vulnerability, while privilege escalation tactics might be leveraged by attackers capitalizing on insecure file operations or missing authentication checks.

The release of these security updates serves as a crucial reminder for business owners and IT professionals to prioritize regular software updates and security audits within their organizations. As cyber threats continue to evolve, staying informed and proactive is key to safeguarding sensitive data and maintaining the integrity of business operations. Now more than ever, vigilance in cybersecurity practices is essential in mitigating risks associated with such vulnerabilities.

Source link

Related Posts

Beware of Salty2FA: New Phishing Kit Targeting Enterprises in the US and EU

September 10, 2025
Malware Analysis / Enterprise Security

Phishing-as-a-Service (PhaaS) platforms are continuously evolving, providing cybercriminals with quicker and cheaper methods to infiltrate corporate accounts. Researchers at ANY.RUN have identified a new threat: Salty2FA, a sophisticated phishing kit capable of bypassing various two-factor authentication methods and evading traditional defenses. Currently active in campaigns across the US and EU, Salty2FA threatens numerous industries, including finance and energy. Its complex execution chain, evasive infrastructure, and ability to intercept credentials and 2FA codes make it one of the most formidable PhaaS frameworks observed this year.

Why Salty2FA Poses a Significant Risk for Enterprises
With the ability to bypass push notifications, SMS, and voice-based 2FA, Salty2FA allows stolen credentials to easily lead to account takeovers. Targeting sectors such as finance, energy, and telecommunications, this kit transforms ordinary phishing emails into severe security breaches.

Identifying the Targets
ANY.RUN analysts have mapped Salty2FA campaigns and highlighted…

Microsoft Announces Fix for 80 Security Vulnerabilities, Including Critical SMB Privilege Escalation and Azure CVSS 10.0 Issues

On September 10, 2025, Microsoft released patches for 80 security flaws across its software. This update includes one vulnerability that had already been disclosed publicly. Among these, eight are classified as Critical, while 72 are deemed Important. Fortunately, none were exploited in the wild as zero-day vulnerabilities. Similar to the previous month, 38 flaws are linked to privilege escalation, followed by 22 related to remote code execution, 14 concerning information disclosure, and 3 classified as denial-of-service. “For the third time this year, Microsoft has addressed more privilege escalation vulnerabilities than remote code execution issues,” noted Satnam Narang, Senior Staff Research Engineer at Tenable. “Almost half (47.5%) of the vulnerabilities this month are related to privilege escalation.” This patch release also includes updates to 12 vulnerabilities in Microsoft’s Chromium-based Edge browser since August 2025’s Patch Tuesday.

Unlocking Boardroom Communication: Empowering CISOs to Articulate Business Impact

 
Sep 11, 2025
Continuous Threat Exposure Management

CISOs possess deep expertise in their domain—they are well-versed in the threat landscape, capable of building robust and cost-effective security systems, adept at staffing, navigating compliance intricacies, and managing risk. But a recurring challenge arises in discussions with these security leaders: how can they effectively convey the implications of risk to business decision-makers?

Boards focus on how risk influences revenue, governance, and growth, often showing little interest in detailed vulnerability lists or technicalities. When the narrative becomes overly technical, even critical initiatives can stall and miss funding.

CISOs must learn to translate technical challenges into business-friendly language, fostering trust, gaining support, and demonstrating how security decisions tie directly to sustainable growth. This urgent need to bridge the communication divide between CISOs and Boards has driven us to establish a new framework for CISO engagement.

Exploitation of SonicWall SSL VPN Vulnerability and Misconfigurations by Akira Ransomware Group on the Rise

September 11, 2025

Cybersecurity threats linked to the Akira ransomware group have intensified, specifically targeting SonicWall devices for initial breaches. Rapid7 has reported a notable increase in attacks on SonicWall appliances, coinciding with heightened Akira ransomware activity noted since late July 2025. SonicWall recently identified that these SSL VPN attacks exploit a year-old security vulnerability (CVE-2024-40766, CVSS score: 9.3) where local user passwords remained unchanged during migration. “We are seeing a surge in attempts by threat actors to brute-force user credentials,” the company commented. To mitigate risks, they advise enabling Botnet Filtering to block known threats and implementing Account Lockout policies. SonicWall also urged users to review LDAP SSL VPN Default User Groups, highlighting that misconfigurations could represent a “critical weak point.”