NCERT Warns Of Critical Vulnerabilities In SAP NetWeaver Business Software

National Computer Emergency Response Team (National CERT) has released an advisory alerting organizations to critical security vulnerabilities discovered in SAP NetWeaver, a widely deployed enterprise platform used globally for managing core business operations. The newly identified flaws expose organizations to severe cybersecurity risks, allowing attackers to exploit unpatched systems for remote code execution, unauthorized data access, and file manipulation without any authentication.

According to National CERT, the most serious vulnerability, tracked as CVE-2025-42944, carries a maximum CVSS score of 10.0, representing the highest severity level. This flaw allows unauthenticated attackers to execute arbitrary operating system commands remotely through the RMI-P4 module, potentially enabling full control of targeted systems. Two other vulnerabilities, CVE-2025-42922 and CVE-2025-42958, also pose significant risks, with CVSS scores of 9.9 and 9.1 respectively. These issues can result in insecure file uploads, authentication bypass, and unauthorized privilege escalation, increasing the likelihood of malware infections and large-scale data breaches.

The advisory outlines that the affected components include SAP NetWeaver ServerCore 7.50 (RMI-P4 module), J2EE-APPS 7.50 (Deploy Web Service module), and various authentication mechanisms across NetWeaver platforms. The underlying causes stem from unsafe deserialization of data, unrestricted file uploads, and weak authentication control within exposed network modules. Exploitation of these flaws requires minimal technical effort and no user interaction, making them especially dangerous for organizations that have not yet applied the latest SAP security patches. If left unaddressed, these vulnerabilities could lead to system compromise, theft of sensitive business data, and disruption of operational processes critical to enterprise continuity.

National CERT has strongly urged all organizations using SAP NetWeaver to immediately deploy the patches issued by SAP as part of its September 2025 security update cycle. The relevant fixes are detailed under SAP Notes 3643501, 3643865, and 3642961. Organizations unable to patch immediately have been advised to restrict network exposure to the affected modules, limit Deploy Web Service access to trusted users, and implement strict file validation protocols. National CERT also recommends enabling detailed logging and continuous network monitoring to identify potential intrusion attempts. Additional security measures such as network segmentation, credential rotation, and review of access control policies have been emphasized to minimize exposure.
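The interim measures above (trusted-user-only access to the deploy service and strict file validation) are the kind of checks an upload handler should enforce before it touches the body. The following Python is an added example written for this article; it is not code from National CERT, SAP, or the NetWeaver Deploy Web Service. The allowed extensions, size cap, trusted role name and archive checks are assumptions chosen to illustrate the pattern, not SAP's actual rules.

```python
"""Strict validation for files submitted to a deployment upload endpoint.

Added example, not code from National CERT or SAP. The allowlist, size cap,
trusted role name and archive checks below are assumptions for illustration.
"""
import io
import posixpath
import re
import zipfile

ALLOWED_EXTENSIONS = {".zip", ".ear", ".sda"}   # assumed deployment-archive types
MAX_UPLOAD_BYTES = 50 * 1024 * 1024             # assumed size cap
TRUSTED_ROLES = {"deploy_admin"}                # assumed role allowed to use the deploy service

ZIP_MAGIC = b"PK\x03\x04"                       # local file header of a non-empty zip archive
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,128}$")


def validate_upload(filename, data, roles, max_bytes=MAX_UPLOAD_BYTES):
    """Return (accepted, reason).

    Rejects, in order: callers without a trusted role, oversized bodies, file
    names containing path components or odd characters, extensions outside the
    allowlist, bodies whose bytes do not match the declared archive type, and
    archives whose members would escape the extraction directory.
    """
    if not set(roles) & TRUSTED_ROLES:
        return False, "caller lacks a trusted deploy role"
    if len(data) > max_bytes:
        return False, "file exceeds size limit"
    # Only a bare file name is acceptable: anything with separators is rejected
    base = posixpath.basename(filename.replace("\\", "/"))
    if base != filename or base in (".", "..") or not SAFE_NAME.match(base):
        return False, "unsafe file name"
    ext = posixpath.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not allowed"
    # Check the content, not just the name: a renamed executable is not an archive
    if not data.startswith(ZIP_MAGIC):
        return False, "content does not match declared archive type"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                norm = posixpath.normpath(member)
                if member.startswith(("/", "\\")) or norm.startswith("..") or ":" in member:
                    return False, f"archive member {member!r} escapes target directory"
    except zipfile.BadZipFile:
        return False, "archive is corrupt"
    return True, "accepted"


def make_archive(members):
    """Build an in-memory zip from {name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    good = make_archive({"META-INF/app.xml": b"<app/>"})
    print(validate_upload("app.zip", good, {"deploy_admin"}))
    print(validate_upload("app.zip", good, {"viewer"}))
    print(validate_upload("../app.zip", good, {"deploy_admin"}))
    print(validate_upload("report.exe", b"MZ...", {"deploy_admin"}))
    print(validate_upload("app.zip", make_archive({"../escape.txt": b"x"}), {"deploy_admin"}))
```

The order of the checks matters: the authorization test runs before any byte of the body is parsed, so an untrusted caller cannot reach the archive parser at all, and the magic-byte and member-path checks catch the two classic ways a file filter is bypassed (a renamed file and a traversal path inside an otherwise valid archive).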

National CERT further advised administrators to stay alert for indicators of compromise, including abnormal system command executions, suspicious file uploads, or unauthorized login attempts associated with SAP NetWeaver servers. Reviewing system logs and ensuring timely response to anomalies can help contain threats before they escalate. The advisory reinforces that swift patch management and proactive monitoring remain essential in mitigating risks of remote code execution and preventing significant security breaches across enterprise systems.
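The three indicators named above (abnormal command executions, suspicious file uploads, unauthorized login attempts) map directly onto log-review rules. The Python below is an added example for this article, not a tool from National CERT or SAP: the `key=value` line format, the event names, and the trusted host and service-account sets are assumptions, and the sample log lines are constructed. Real SAP NetWeaver audit and security logs have their own formats, so the `parse_line` function would need adapting before use.

```python
"""Review constructed server log lines for the indicators the advisory lists.

Added example, not code from National CERT or SAP. The key=value format,
event names and trusted sets below are assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

TRUSTED_DEPLOYERS = {"10.0.0.5"}     # assumed hosts allowed to use the deploy service
SERVICE_ACCOUNTS = {"sapadm"}        # assumed accounts expected to run OS commands
FAILED_LOGIN_THRESHOLD = 5           # assumed: 5 failures in the window raises an alert
WINDOW = timedelta(minutes=5)

# Constructed sample log; not real NetWeaver output.
SAMPLE_LOG = [
    "2025-09-10T08:00:01Z src=10.0.0.5 user=deployer event=UPLOAD file=app.ear",
    "2025-09-10T08:01:00Z src=203.0.113.7 user=admin event=LOGIN_FAILED",
    "2025-09-10T08:01:05Z src=203.0.113.7 user=admin event=LOGIN_FAILED",
    "2025-09-10T08:01:10Z src=203.0.113.7 user=admin event=LOGIN_FAILED",
    "2025-09-10T08:01:15Z src=203.0.113.7 user=admin event=LOGIN_FAILED",
    "2025-09-10T08:01:20Z src=203.0.113.7 user=admin event=LOGIN_FAILED",
    "2025-09-10T08:02:00Z src=203.0.113.7 user=deployer event=UPLOAD file=update.zip",
    "2025-09-10T08:03:00Z src=203.0.113.7 user=j2ee_guest event=OS_COMMAND cmd=hostname",
    "2025-09-10T09:00:00Z src=10.0.0.5 user=sapadm event=OS_COMMAND cmd=hostname",
]


def parse_line(line):
    """Turn '<iso-timestamp> k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def review_logs(lines, threshold=FAILED_LOGIN_THRESHOLD, window=WINDOW):
    """Return a list of alerts for the advisory's three indicators:
    repeated failed logins from one source within the window, uploads from
    hosts outside the trusted deployer set, and OS command execution by an
    account that is not an expected service account."""
    alerts = []
    recent_failures = defaultdict(deque)   # src -> timestamps of failures inside the window
    already_flagged = set()
    for ev in map(parse_line, lines):
        src, user, kind, ts = ev["src"], ev.get("user", "?"), ev["event"], ev["ts"]
        if kind == "LOGIN_FAILED":
            q = recent_failures[src]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and src not in already_flagged:
                already_flagged.add(src)      # one alert per source, not one per extra failure
                alerts.append({"type": "repeated_failed_logins", "src": src, "count": len(q)})
        elif kind == "UPLOAD" and src not in TRUSTED_DEPLOYERS:
            alerts.append({"type": "upload_from_untrusted_host", "src": src, "file": ev.get("file")})
        elif kind == "OS_COMMAND" and user not in SERVICE_ACCOUNTS:
            alerts.append({"type": "unexpected_os_command", "src": src, "user": user, "cmd": ev.get("cmd")})
    return alerts


if __name__ == "__main__":
    for alert in review_logs(SAMPLE_LOG):
        print(alert)
```

Run against the constructed sample, the review produces three alerts, one per indicator, and stays silent for the trusted deployer's upload and the service account's command execution. The sliding window is what keeps the failed-login rule from firing on a handful of ordinary typos spread across a day.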

Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan's technology ecosystem.