Find notable cyber news and cases, enriched with sources, timelines, and signals.

SAP security patch release for CVE-2025-42944

Security Patch Release
First reported
Last updated
Happening score
H score 42
1 unique sources, 1 articles

Summary

Hide ▲

SAP released patches for 13 security issues, including extra hardening for CVE-2025-42944 in SAP NetWeaver AS Java that could lead to arbitrary OS command execution. The bundle also fixes CVE-2025-42937 in SAP Print Service and CVE-2025-42910 in SAP Supplier Relationship Management, covering directory traversal and unrestricted file upload risks. No evidence of in-the-wild exploitation was reported, but the flaws are critical enough that administrators should act quickly.

Related Happenings

SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud

Security Patch Release
H score24 First: 09.06.2026 22:36 Last: 09.06.2026 22:36 Sources 1

About this happening: **SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...

SolarWinds Serv-U advisory and mitigations for CVE-2026-28318

Advisory/Mitigation
H score52 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)

Security Patch Release
H score38 First: 12.05.2026 14:04 Last: 12.05.2026 14:04 Sources 1

About this happening: **SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...

Oracle security patch release for CVE-2026-21992

Security Patch Release
H score44 First: 21.03.2026 12:24 Last: 21.03.2026 12:24 Sources 1

About this happening: **Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...

Timeline

  1. 15.10.2025 08:36 2 articles · 8mo ago

    SAP releases fixes for CVE-2025-42944 and related SAP flaws

    Mitigation Patch Update

    SAP rolled out security fixes for 13 new security issues, including additional hardening for CVE-2025-42944 in SAP NetWeaver AS Java, a CVSS 10.0 insecure deserialization flaw that could allow arbitrary OS command execution through the RMI-P4 module. SAP also patched CVE-2025-42937 in SAP Print Service, a CVSS 9.8 directory traversal flaw that could let an unauthenticated attacker overwrite system files, and CVE-2025-42910 in SAP Supplier Relationship Management, a CVSS 9.0 unrestricted file upload bug that could let an attacker upload malicious executables.

    Show sources
  2. 15.10.2025 08:36 1 articles · 8mo ago

    Analysts describe jdk.serialFilter hardening and continued deserialization risk in SAP NetWeaver AS Java

    Technical Analysis Update

    Security analysts said SAP added a JVM-wide filter, jdk.serialFilter, to block dedicated classes from being deserialized and provide an extra layer of protection against gadget-class abuse. Commentary from Onapsis and Pathlock emphasized that deserialization remains the major risk in SAP NetWeaver AS Java and that the P4/RMI chain continues to drive critical exposure even after the direct fix and hardened JVM configuration.

    Show sources