Pakistan’s NCERT Warns Of Critical SAP NetWeaver Flaws Allowing Remote Code Execution

Pakistan’s National Computer Emergency Response Team (NCERT) has issued a red alert after identifying multiple zero-day vulnerabilities in SAP NetWeaver that expose critical enterprise systems to serious security risks. The flaws include remote code execution and authentication bypass that could allow attackers to compromise servers without user interaction, deploy malware, and take full control of enterprise infrastructure.

SAP NetWeaver is a core platform relied upon by banks, telecom providers, manufacturing companies, and government agencies. Security experts warn that the vulnerabilities represent a global risk, with attackers able to exploit weaknesses before patches are applied. The most severe of the flaws, listed as CVE-2025-42944, has been assigned a CVSS score of 10.0. It affects the RMI-P4 module in SAP NetWeaver ServerCore 7.50 and enables unauthenticated attackers to run arbitrary commands on affected systems. Two additional flaws, CVE-2025-42922 and CVE-2025-42958, were also detailed. The former carries a score of 9.9 and involves insecure file uploads that could allow malware deployment, while the latter has a score of 9.1 and permits authentication bypass with potential privilege escalation.

NCERT has urged organizations using SAP NetWeaver to act without delay, stressing that postponing patching increases the risk of ransomware incidents, theft of sensitive data, and enterprise-wide compromise. Enterprises have been advised to apply SAP’s September 9, 2025 patches, which address the vulnerabilities through Notes 3643501, 3643865, and 3642961. NCERT also recommended restricting access to RMI-P4 and Deploy Web Service modules, enforcing network segmentation, and actively monitoring for unusual uploads or suspicious command executions.

The advisory highlighted several temporary mitigations that enterprises can deploy while permanent fixes are applied. These include firewall restrictions, disabling unnecessary upload functionalities, and strengthening access controls across systems. Organizations have also been instructed to review system logs for signs of compromise, rotate privileged credentials, ensure backup validation, and carry out extensive scans to confirm whether exploitation attempts have already occurred.
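The access restriction NCERT recommends for RMI-P4 can be expressed as a host firewall ruleset. The following POSIX shell helper is an added example, not code from the advisory or from SAP: it derives the P4 port from the instance number (assuming the conventional 5NN04 layout, which must be verified against the actual instance profile), emits an nftables ruleset that admits only an assumed administrative network, and logs every other connection attempt so denied access shows up in the kernel log for review.

```shell
#!/bin/sh
# Default RMI-P4 listener port for a NetWeaver Java instance number.
# Assumed convention: 5<NN>04 (instance 00 -> 50004). Check the real
# instance profile before relying on this; P4/SSL and non-default
# configurations use other ports.
p4_port() {
    case "$1" in
        [0-9][0-9]) printf '5%s04\n' "$1" ;;
        *) echo "instance number must be two digits (e.g. 00)" >&2; return 1 ;;
    esac
}

# Print an nftables ruleset that allows P4 only from the admin network
# ($2, CIDR form, an assumed value) and logs-then-drops everything else.
# The log prefix makes denied attempts easy to grep in the kernel log.
p4_ruleset() {
    port=$(p4_port "$1") || return 1
    cidr="$2"
    cat <<EOF
table inet sap_p4 {
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport $port ip saddr $cidr accept
        tcp dport $port log prefix "sap-p4-denied: " drop
    }
}
EOF
}

# Example: write the ruleset for instance 00 with an assumed admin subnet.
# Load it with: nft -f sap_p4.nft
p4_ruleset 00 10.0.0.0/24 > sap_p4.nft
```

Denied attempts then appear in the kernel log with the `sap-p4-denied:` prefix, which is one concrete signal to include in the log review the advisory calls for.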

Industry analysts point out that SAP systems remain central to enterprise IT operations worldwide, and vulnerabilities of this scale significantly raise the threat of devastating cyberattacks if left unaddressed. Given that ransomware groups and state-backed threat actors often target enterprise-grade software, the urgency conveyed in NCERT’s alert underscores the immediate need for organizations to close these critical security gaps. By taking swift action, enterprises can avoid widespread disruptions and mitigate the potential fallout of these vulnerabilities.
