← volver
CVE-2025-42944

Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)

CVSS 10 CRITICALEPSS 2.9%CWE-502
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
SAP_SE · SAP Netweaver (RMI-P4)
PoCs públicas encontradas1
githubgithub.com/rxerium/CVE-2025-429440
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3634501https://me.sap.com/notes/3660659https://me.sap.com/notes/3670067https://url.sap/sapsecuritypatchday