NCERT Warns About Critical Security Vulnerabilities In Business Software

Ubaid

The National Computer Emergency Response Team (NCERT) has issued a warning about critical vulnerabilities in SAP NetWeaver, a widely used business software platform. The flaws could allow attackers to execute remote code, bypass authentication, and access sensitive business data.

The most severe vulnerability, CVE-2025-42944, carries a CVSS score of 10.0. It enables attackers to run operating system commands remotely through the RMI-P4 module without any credentials. Two other critical vulnerabilities, CVE-2025-42922 and CVE-2025-42958, with CVSS scores of 9.9 and 9.1 respectively, could allow unsafe file uploads, privilege escalation, and malware installation.

NCERT emphasized that these vulnerabilities can be exploited remotely with minimal complexity and no user interaction. If exploited, they could result in full system compromise, theft of business data, and disruption of key operations.

The affected components include SAP NetWeaver ServerCore 7.50, J2EE-APPS 7.50 Deploy Web Service module, and general authentication mechanisms across multiple NetWeaver platforms. Root causes include deserialization of untrusted data, weak authentication, and unrestricted file uploads.

NCERT urged organizations to immediately apply SAP’s security patches, available under SAP Notes 3643501, 3643865, and 3642961 from the September 2025 release. If patching is delayed, the agency recommends restricting network access to vulnerable modules, limiting Deploy Web Service usage to trusted users, and enforcing strict file validation rules.

Organizations are also advised to enhance logging, monitor systems continuously, and implement network segmentation. Watching for unusual commands, suspicious file uploads, and unauthorized logins is crucial. Privileged credentials should be rotated if a breach is suspected.

NCERT stressed that timely patching and proactive monitoring are essential to prevent large-scale security breaches. Companies using SAP NetWeaver are urged to prioritize updates to safeguard sensitive business data and maintain operational integrity.
