CVE-2025-42944: 
SAP NetWeaver Application Server Java vulnerability analysis and mitigation

CVE-2025-42944 is a critical deserialization vulnerability discovered in SAP NetWeaver's RMI-P4 module, disclosed on September 8, 2025. This vulnerability affects SAP NetWeaver ServerCore version 7.50 and allows an unauthenticated attacker to execute arbitrary operating system commands. The vulnerability received a maximum CVSS v3.1 base score of 10.0, indicating critical severity (NVD, Arctic Wolf).

The vulnerability stems from insecure deserialization of untrusted Java objects in the RMI-P4 module, which is used for internal SAP-to-SAP communication and administration. The RMI-P4 protocol, while typically having an open port on the host, can be exposed to wider networks or the internet due to misconfigurations. The vulnerability has been assigned CWE-502 (Deserialization of Untrusted Data) and received a CVSS v3.1 score of 10.0 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (Bleeping Computer, NVD).

A successful exploitation of this vulnerability can lead to full compromise of the affected SAP NetWeaver application, potentially impacting critical business functions including finance, HR, supply chain, and logistics. The vulnerability affects the application's confidentiality, integrity, and availability, allowing attackers to execute arbitrary operating system commands (Hacker News, Arctic Wolf).

SAP has released patches to address this vulnerability in the September 2025 Security Patch Day update. Organizations should upgrade to the fixed version, which is available as a patch for SAP NetWeaver ServerCore 7.50. As a temporary workaround, customers can add P4 port filtering at the ICM level to prevent unknown hosts from connecting to the P4 port (Hacker News, Arctic Wolf).