SAP security patch release for CVE-2025-42944
Security Patch Release
Summary
Hide ▲
Show ▼
SAP released patches for 13 security issues, including extra hardening for CVE-2025-42944 in SAP NetWeaver AS Java that could lead to arbitrary OS command execution. The bundle also fixes CVE-2025-42937 in SAP Print Service and CVE-2025-42910 in SAP Supplier Relationship Management, covering directory traversal and unrestricted file upload risks. No evidence of in-the-wild exploitation was reported, but the flaws are critical enough that administrators should act quickly.
Related Happenings
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch Release
H score24
First: 09.06.2026 22:36
Last: 09.06.2026 22:36
Sources 1
About this happening:
**SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch ReleaseAbout this happening: **SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)
Security Patch Release
H score38
First: 12.05.2026 14:04
Last: 12.05.2026 14:04
Sources 1
About this happening:
**SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...
SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)
Security Patch ReleaseAbout this happening: **SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...
Oracle security patch release for CVE-2026-21992
Security Patch Release
H score44
First: 21.03.2026 12:24
Last: 21.03.2026 12:24
Sources 1
About this happening:
**Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...
Oracle security patch release for CVE-2026-21992
Security Patch ReleaseAbout this happening: **Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...
Timeline
-
15.10.2025 08:36 2 articles · 8mo ago
SAP releases fixes for CVE-2025-42944 and related SAP flaws
Mitigation Patch UpdateSAP rolled out security fixes for 13 new security issues, including additional hardening for CVE-2025-42944 in SAP NetWeaver AS Java, a CVSS 10.0 insecure deserialization flaw that could allow arbitrary OS command execution through the RMI-P4 module. SAP also patched CVE-2025-42937 in SAP Print Service, a CVSS 9.8 directory traversal flaw that could let an unauthenticated attacker overwrite system files, and CVE-2025-42910 in SAP Supplier Relationship Management, a CVSS 9.0 unrestricted file upload bug that could let an attacker upload malicious executables.
Show sources
- New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login — thehackernews.com — 15.10.2025 08:36
- New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login — thehackernews.com — 15.10.2025 08:36
-
15.10.2025 08:36 1 articles · 8mo ago
Analysts describe jdk.serialFilter hardening and continued deserialization risk in SAP NetWeaver AS Java
Technical Analysis UpdateSecurity analysts said SAP added a JVM-wide filter, jdk.serialFilter, to block dedicated classes from being deserialized and provide an extra layer of protection against gadget-class abuse. Commentary from Onapsis and Pathlock emphasized that deserialization remains the major risk in SAP NetWeaver AS Java and that the P4/RMI chain continues to drive critical exposure even after the direct fix and hardened JVM configuration.
Show sources
- New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login — thehackernews.com — 15.10.2025 08:36