
SAP security patch release for CVE-2025-42944

Security Patch Release
Happening score (H score): 28
1 unique source, 1 article

Summary


SAP released patches for 13 security issues, including extra hardening for CVE-2025-42944 in SAP NetWeaver AS Java that could lead to arbitrary OS command execution. The bundle also fixes CVE-2025-42937 in SAP Print Service and CVE-2025-42910 in SAP Supplier Relationship Management, covering directory traversal and unrestricted file upload risks. No evidence of in-the-wild exploitation was reported, but the flaws are critical enough that administrators should act quickly.

Related Happenings

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)

Security Patch Release
First: 12.05.2026 14:04 Last: 12.05.2026 14:04 Sources 1

About this happening: **SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...

Oracle security patch release for CVE-2026-21992

Security Patch Release
First: 21.03.2026 12:24 Last: 21.03.2026 12:24 Sources 1

About this happening: **Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

SAP security patch release for CVE-2019-17571

Security Patch Release
First: 11.03.2026 14:26 Last: 11.03.2026 14:26 Sources 1

About this happening: **SAP** released security updates for **two critical flaws** in **FS-QUO** and **NetWeaver Enterprise Portal Administration**, reducing the risk of **arbitrary code execution** on...

Timeline

  1. 15.10.2025 08:36 2 articles · 7mo ago

    SAP releases fixes for CVE-2025-42944 and related SAP flaws

    Mitigation Patch Update

    SAP rolled out security fixes for 13 new security issues, including additional hardening for CVE-2025-42944 in SAP NetWeaver AS Java, a CVSS 10.0 insecure deserialization flaw that could allow arbitrary OS command execution through the RMI-P4 module. SAP also patched CVE-2025-42937 in SAP Print Service, a CVSS 9.8 directory traversal flaw that could let an unauthenticated attacker overwrite system files, and CVE-2025-42910 in SAP Supplier Relationship Management, a CVSS 9.0 unrestricted file upload bug that could let an attacker upload malicious executables.

  2. 15.10.2025 08:36 1 article · 7mo ago

    Analysts describe jdk.serialFilter hardening and continued deserialization risk in SAP NetWeaver AS Java

    Technical Analysis Update

    Security analysts said SAP added a JVM-wide filter, jdk.serialFilter, to block dedicated classes from being deserialized and provide an extra layer of protection against gadget-class abuse. Commentary from Onapsis and Pathlock emphasized that deserialization remains the major risk in SAP NetWeaver AS Java and that the P4/RMI chain continues to drive critical exposure even after the direct fix and hardened JVM configuration.

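How a JVM-wide serialization filter of the kind described in the timeline behaves, as an added example that is not SAP's code or configuration. The classes Order and Gadget and the pattern string are constructed stand-ins; the classes SAP's filter actually blocks are not listed on this page.

```java
import java.io.*;

// Added illustration, not SAP code. Order and Gadget are constructed stand-ins.
public class SerialFilterDemo {
    static class Order implements Serializable { String id = "PO-1001"; }
    static class Gadget implements Serializable { String cmd = "placeholder"; }

    // Same syntax as -Djdk.serialFilter=...: '!' rejects a class, ';' separates
    // entries, and limits such as maxdepth cap the shape of the object graph.
    static final String PATTERN = "!SerialFilterDemo$Gadget;maxdepth=10;maxrefs=1000";

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Returns the outcome as text so both cases can be printed side by side.
    static String tryDeserialize(byte[] data) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return "accepted " + in.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            // Raised while the class descriptor is read, before the blocked
            // class is instantiated.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Process-wide filter: applies to every ObjectInputStream in this JVM,
        // the programmatic equivalent of setting jdk.serialFilter at startup.
        ObjectInputFilter.Config.setSerialFilter(
                ObjectInputFilter.Config.createFilter(PATTERN));
        System.out.println(tryDeserialize(serialize(new Order())));
        System.out.println(tryDeserialize(serialize(new Gadget())));
    }
}
```

Classes that match no entry are left undecided and deserialize normally, so a reject list of this kind stops only the classes it names, which is why the analysts describe it as an extra layer rather than the end of the deserialization risk.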