SAP NetWeaver AS Java deserialization RCE (CVE-2025-42944)
Vulnerability
Summary
Hide ▲
Show ▼
SAP NetWeaver AS Java has a CVE-2025-42944 insecure deserialization flaw that can let an unauthenticated attacker trigger arbitrary OS command execution through the RMI-P4 module. SAP said the bug is CVSS 10.0 and can be reached by sending a malicious payload to an open port. The issue was first addressed last month, and the latest update adds extra safeguards to reduce deserialization abuse. No evidence of in-the-wild exploitation was reported.
Related Happenings
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
H score53
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
SAP Solution Manager ST 720 code injection security flaw (CVE-2025-42880)
Vulnerability
H score37
First: 10.12.2025 00:41
Last: 10.12.2025 00:41
Sources 1
About this happening:
**CVE-2025-42880** is a **code injection** flaw in **SAP Solution Manager ST 720** that could let an **authenticated attacker** gain **full control** of the system. SAP included t...
SAP Solution Manager ST 720 code injection security flaw (CVE-2025-42880)
VulnerabilityAbout this happening: **CVE-2025-42880** is a **code injection** flaw in **SAP Solution Manager ST 720** that could let an **authenticated attacker** gain **full control** of the system. SAP included t...
Fortra GoAnywhere MFT CVE-2025-10035 active exploitation wave
Exploitation Wave
H score48
First: 07.10.2025 11:45
Last: 07.10.2025 11:45
Sources 1
About this happening:
**CVE-2025-10035** in **Fortra GoAnywhere Managed File Transfer (MFT)** is being **actively exploited** in **ransomware attacks** against systems with the **admin console exposed...
Fortra GoAnywhere MFT CVE-2025-10035 active exploitation wave
Exploitation WaveAbout this happening: **CVE-2025-10035** in **Fortra GoAnywhere Managed File Transfer (MFT)** is being **actively exploited** in **ransomware attacks** against systems with the **admin console exposed...
CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008
Public Sector Action
H score36
First: 03.10.2025 11:23
Last: 03.10.2025 11:23
Sources 1
About this happening:
CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...
CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008
Public Sector ActionAbout this happening: CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...
Timeline
-
15.10.2025 08:36 3 articles · 8mo ago
SAP hardens CVE-2025-42944 in SAP NetWeaver AS Java
Mitigation Patch UpdateSAP added extra hardening for CVE-2025-42944 in SAP NetWeaver AS Java, an unauthenticated insecure deserialization flaw with CVSS 10.0 that could let an attacker use the RMI-P4 module and a malicious payload on an open port to trigger arbitrary OS command execution. The added protection uses a JVM-wide filter (jdk.serialFilter) to block selected classes from being deserialized, and no evidence of in-the-wild exploitation was reported.
Show sources
- New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login — thehackernews.com — 15.10.2025 08:36
- New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login — thehackernews.com — 15.10.2025 08:36
- SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws — thehackernews.com — 10.09.2025 04:03