CVE-2025-42944

SAP · NetWeaver

A deserialization vulnerability in the SAP NetWeaver RMI-P4 module allows an unauthenticated attacker to execute arbitrary code by submitting a malicious payload to an open port.

Executive summary

A critical deserialization vulnerability in the SAP NetWeaver RMI-P4 module allows unauthenticated attackers to achieve remote code execution.

Vulnerability

This vulnerability involves insecure deserialization within the RMI-P4 module of SAP NetWeaver. By sending a crafted, malicious payload to an open port, an unauthenticated attacker can trigger the vulnerability to execute arbitrary code on the target system.

Business impact

A CVSS score of 10.0 reflects the maximum severity: the vulnerability can lead to full system compromise without any prior authentication. Unauthenticated remote code execution threatens the confidentiality, integrity, and availability of the affected SAP infrastructure, making this an extremely high-priority threat.

Remediation

Immediate Action: Identify all exposed SAP NetWeaver instances and apply the vendor-provided security patches immediately to address the deserialization flaw.

Proactive Monitoring: Monitor for anomalous traffic or unexpected payloads directed at RMI-P4 listening ports on your SAP systems.

Compensating Controls: If patching is delayed, restrict access to the affected RMI-P4 ports via firewall rules to ensure only trusted traffic can reach the service.
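A defender-side check covering the monitoring and access-restriction items above, added here as an example and not part of the original advisory. It derives the RMI-P4 listener ports from assumed SAP instance numbers using the standard SAP AS Java port convention (P4 on 5NN04, P4 over SSL on 5NN06), then flags connections to those ports from sources outside an assumed trusted-network allowlist in constructed firewall log lines.

```python
"""Flag connections to SAP NetWeaver RMI-P4 ports from outside an allowlist.

Added example, not part of the advisory. The port convention, allowlist,
instance numbers and log format are all assumptions; adapt them to your site."""
import ipaddress
import re

# Hypothetical allowlist: networks that legitimately reach P4 (admin jump hosts, app servers).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "192.168.5.0/24")]
# SAP instance numbers in scope (assumed); P4 listener ports are derived from them.
INSTANCE_NUMBERS = ("00", "01")
# Constructed key=value log format; a real firewall export will need its own pattern.
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def p4_ports(instance_numbers=INSTANCE_NUMBERS):
    """Return the RMI-P4 (5NN04) and P4-over-SSL (5NN06) ports for the given instances."""
    ports = set()
    for nn in instance_numbers:
        ports.add(int(f"5{nn}04"))
        ports.add(int(f"5{nn}06"))
    return ports


def is_trusted(ip_text):
    """True if the source address falls inside one of the allowlisted networks."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in TRUSTED_NETWORKS)


def find_untrusted_p4_access(log_lines, ports=None):
    """Return (src, dst, dport) for every connection to a P4 port from an untrusted source."""
    ports = p4_ports() if ports is None else ports
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the whole scan
        dport = int(m["dport"])
        if dport in ports and not is_trusted(m["src"]):
            hits.append((m["src"], m["dst"], dport))
    return hits


# Constructed sample firewall log lines (not real traffic).
SAMPLE_LOG = [
    "2025-09-10T08:00:01Z fw01 ACCEPT src=10.10.3.7 dst=10.20.1.5 dport=50004",
    "2025-09-10T08:00:02Z fw01 ACCEPT src=203.0.113.44 dst=10.20.1.5 dport=50004",
    "2025-09-10T08:00:03Z fw01 ACCEPT src=203.0.113.44 dst=10.20.1.5 dport=50000",
    "2025-09-10T08:00:04Z fw01 ACCEPT src=198.51.100.9 dst=10.20.1.6 dport=50106",
]
```

Running `find_untrusted_p4_access(SAMPLE_LOG)` returns the two external sources that reached P4 ports; the same port set can be fed straight into the firewall rules the compensating control calls for.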

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical nature of this unauthenticated remote code execution vulnerability, immediate remediation is mandatory. Organizations must treat this as a top-tier security priority and expedite the deployment of vendor patches to secure their SAP environment.