👤 AUDITWOLF
🗓️ 10 Sep 2025   🌍 Europe

10 Out of 10: SAP’s NetWeaver Flaw Hits Maximum Critical Level

SAP races to patch NetWeaver after researchers uncover vulnerabilities that could let hackers take full control of vital business systems.

Fast Facts

  • Three critical NetWeaver flaws scored between 9.1 and 10.0 on the CVSS severity scale.
  • Depending on the flaw, attackers could run arbitrary code, upload files, or reach sensitive data.
  • The worst of them (CVE-2025-42944) lets an unauthenticated attacker execute operating-system commands on an exposed NetWeaver server.
  • Patches were released after initial exploit attempts were reported in the wild.
  • SAP urges immediate updates; so far there is no evidence of widespread malicious attacks.

A Storm Brews in the Heart of Enterprise IT

Imagine the digital engine rooms of the world’s largest organizations - banks, manufacturers, governments - all humming thanks to SAP’s software. This month, a bolt of lightning struck those engine rooms: SAP’s NetWeaver platform was found riddled with vulnerabilities so severe that security experts called it a “10 out of 10” emergency.

At its September Security Patch Day, SAP rolled out fixes for several flaws in NetWeaver and S/4HANA. The most alarming, CVE-2025-42944, scored the maximum 10.0 on the CVSS scale. The number means something concrete: the bug is an insecure deserialization flaw in NetWeaver's RMI-P4 module, so an attacker who can reach an exposed P4 port needs no credentials at all. A specially crafted serialized object sent to that port is enough to run arbitrary operating-system commands on the host, as if the attacker owned the system.
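How a bug of this class turns a single network message into command execution, shown as an added Java illustration. This is not SAP's code and does not reproduce CVE-2025-42944 or any NetWeaver component: it is the generic pattern of a service that deserializes whatever a client sends, placed beside a hardened version that allow-lists the classes it expects. The class names (OrderRequest, Gadget), the sample payloads and the "command" string are hypothetical and constructed for the demo; the Gadget only prints instead of executing anything.

```java
import java.io.*;
import java.util.Set;

/*
 * Added illustration, not SAP code. Demonstrates why "unauthenticated
 * deserialization" is a remote code execution bug: attacker-controlled
 * code runs while the object is being rebuilt, before the service can
 * inspect or cast it. OrderRequest and Gadget are hypothetical classes.
 */
public class DeserializationDemo {

    /** Hypothetical record a legitimate client would send. */
    public static final class OrderRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String orderId;
        public OrderRequest(String orderId) { this.orderId = orderId; }
    }

    /**
     * Stand-in for a gadget class: its readObject hook runs as soon as the
     * stream is deserialized. Real gadget chains reach Runtime.exec or a
     * similar sink; this one only records what it would have executed.
     */
    public static final class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String command;
        public Gadget(String command) { this.command = command; }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            System.out.println("[gadget] readObject ran; would execute: " + command);
        }
    }

    /** VULNERABLE: trusts whatever class the network peer names in the stream. */
    public static OrderRequest handleUnsafe(byte[] payload) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            // The cast below is too late: Gadget.readObject has already run inside readObject().
            return (OrderRequest) in.readObject();
        }
    }

    /** HARDENED: allow-list enforced before any object is instantiated (JDK 9+ ObjectInputFilter). */
    public static OrderRequest handleSafe(byte[] payload) throws IOException, ClassNotFoundException {
        // The allow-list must cover every class a legitimate payload may contain, field types included.
        Set<String> allowed = Set.of(OrderRequest.class.getName(), String.class.getName());
        ObjectInputFilter filter = info -> {
            Class<?> c = info.serialClass();
            if (c == null) {
                // No class involved (depth / reference-count / stream-size check); leave to defaults.
                return ObjectInputFilter.Status.UNDECIDED;
            }
            return allowed.contains(c.getName())
                    ? ObjectInputFilter.Status.ALLOWED
                    : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            in.setObjectInputFilter(filter);
            // For a Gadget stream this throws InvalidClassException before Gadget.readObject can run.
            return (OrderRequest) in.readObject();
        }
    }

    /** Helper to build the constructed sample payloads used below. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] benign = serialize(new OrderRequest("4711"));   // constructed legitimate message
        byte[] malicious = serialize(new Gadget("id"));        // constructed attacker message

        System.out.println("unsafe, benign:  " + handleUnsafe(benign).orderId);
        try {
            handleUnsafe(malicious);
        } catch (ClassCastException e) {
            System.out.println("unsafe, malicious: cast failed, but the gadget code above already ran");
        }

        System.out.println("safe, benign:    " + handleSafe(benign).orderId);
        try {
            handleSafe(malicious);
        } catch (InvalidClassException e) {
            System.out.println("safe, malicious: rejected before instantiation (" + e.getMessage() + ")");
        }
    }
}
```

The point to take from the two handlers is the ordering: in the unsafe version the service only learns what it received after `readObject()` returns, and by then the gadget's hook has executed. The filter in the hardened version is consulted when the class descriptor is read, so unexpected classes are refused before any instance exists. A reject-by-default allow-list is the right shape; a deny-list of known gadget classes is not, because new chains keep being found.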

What’s at Stake: When Business Brains Are Exposed

NetWeaver is the backbone of SAP’s business software, used by more than 400,000 organizations worldwide. A breach here is like someone sneaking into a company’s control room. If unpatched, attackers could upload malicious files, read or delete sensitive information, or even erase critical database tables - potentially halting operations or leaking secrets.

The vulnerabilities span multiple components. CVE-2025-42922 lets a user who is authenticated but has no administrative rights upload arbitrary files through the NetWeaver AS Java deploy web service; CVE-2025-42916 allows a highly privileged S/4HANA user to delete the contents of arbitrary database tables; and CVE-2025-42958 is a missing authentication check in NetWeaver on IBM i-series that lets unauthorized users reach sensitive data and privileged functions. Security firm Onapsis warns that with the right exploit, a criminal could compromise an entire SAP application in minutes.

Déjà Vu: Echoes of Past SAP Attacks

This isn’t SAP’s first high-profile scare. In 2020, the RECON vulnerability (CVE-2020-6287, also rated CVSS 10.0) exposed thousands of internet-facing SAP systems to remote attacks, leading to urgent global patching. As with RECON, the new flaws were reported to SAP by outside researchers (Pathlock and SecurityBridge among them) rather than surfacing through an attack - a reminder of the cat-and-mouse game between defenders and digital thieves, and of how much enterprises depend on that research reaching the vendor first.

While SAP reports no evidence of widespread exploitation yet, the window is tight. Researchers disclosed active attempts to probe the vulnerabilities just days before patches landed - highlighting how quickly cybercriminals move when enterprise gold is at stake.

Why This Matters: The Geopolitics of Cyber Risk

With SAP systems underpinning industries and governments alike, a critical flaw isn’t just an IT problem - it’s a geopolitical risk. Disruptions could ripple across supply chains, finance, and national security. As digital infrastructure becomes a battleground, the pressure mounts for timely patching and transparent reporting.

In today’s cyber landscape, even the most trusted platforms can become Achilles’ heels overnight. SAP’s rapid response is a reminder: in the race between innovation and exploitation, vigilance is not optional. The next attack may already be probing your digital doors.

WIKICROOK

  • CVSS: CVSS (Common Vulnerability Scoring System) is a standard method for rating the severity of security flaws, with scores from 0.0 to 10.0; scores of 9.0 and above are rated Critical.
  • Deserialization: Deserialization rebuilds program objects from a stream of bytes, for example a message received over the network. If an application deserializes data from untrusted sources without restricting which classes may be reconstructed, an attacker can supply objects whose reconstruction triggers harmful code inside the application.
  • NetWeaver: NetWeaver is SAP’s central platform that connects, manages, and integrates business applications, enabling seamless data sharing and process automation for global enterprises.
  • Patch: A patch is a software update released to fix security vulnerabilities or bugs in programs, helping protect devices from cyber threats and improve stability.
  • Privilege Escalation: Privilege escalation occurs when an attacker gains higher-level access, moving from a regular user account to administrator privileges on a system or network.
