---
title: "SAP Security Update Fixes Critical S/4HANA and NetWeaver Bugs"
date: 2025-09-10
author: "Sofia Ramirez"
featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2025/09/sap-release-security-patch-for-vulnerabilities.jpg"
categories:
  - name: "Cybersecurity"
    url: "/cybersecurity.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# SAP Security Update Fixes Critical S/4HANA and NetWeaver Bugs

SAP users are being urged to immediately patch multiple **critical vulnerabilities**, including one that is **actively exploited**, affecting **S/4HANA** and **NetWeaver** systems.

## Quick Summary – TLDR:

- SAP fixed multiple severe bugs in **S/4HANA** and **NetWeaver**, some scoring up to **CVSS 10.0**
- One bug (CVE-2025-42957) is **actively exploited** in the wild and has **no workaround**
- Attackers can gain **full control of SAP systems**, steal data, deploy ransomware, or disrupt operations
- Enterprises must **patch urgently**, as many remain vulnerable due to complex system architectures

## What Happened?

SAP has released patches for a series of **critical vulnerabilities** in its flagship platforms **S/4HANA** and **NetWeaver**, some of which could let attackers take full control of enterprise systems. At least one of these flaws is already being **actively exploited**, sparking urgent warnings from security experts.

> 🚨Alert🚨CVE-2025-42944(CVSS 10.0):Insecure Deserialization vulnerability in SAP  
> Netweaver  
> CVE-2025-42922 (CVSS 9.9):Insecure File Operations vulnerability in SAP  
> NetWeaver AS Java  
> CVE-2025-42958 (CVSS 9.1):Missing Authentication Check vulnerability in the SAP  
> NetWeaver… [pic.twitter.com/LDvr3vFMjq](https://t.co/LDvr3vFMjq)
> 
> — Hunter (@HunterMapping) [September 10, 2025](https://twitter.com/HunterMapping/status/1965612372778680411?ref_src=twsrc%5Etfw)

 ## SAP Systems at Risk: S/4HANA and NetWeaver

One of the most serious flaws is **CVE-2025-42957**, a **code injection vulnerability** in **SAP S/4HANA** with a **CVSS score of 9.9**. The flaw allows a low-privilege user to inject **arbitrary ABAP code** and gain **admin-level access**. This opens the door to **data theft**, **[ransomware](https://sqmagazine.co.uk/ransomware-statistics/)**, **backdoors**, and **complete system disruption**.

Jonathan Stross, SAP security analyst at Pathlock, explained the gravity: “Because SAP S/4HANA is typically a central system of an organization’s financial, supply chain, and operational processes, its compromise can bring significant damage to an organization in literally any vertical.”

> Critical SAP security updates you need to know – September Patch Tuesday!  
>   
> September’s SAP Patch Tuesday delivers critical updates you can’t afford to miss.   
>   
> 👉 Read the article here: <https://t.co/BtI6Ps6NyN> [pic.twitter.com/N8mdcx2Xlw](https://t.co/N8mdcx2Xlw)
> 
> — Pathlock (@pathlock) [September 10, 2025](https://twitter.com/pathlock/status/1965739772359372969?ref_src=twsrc%5Etfw)

 Even more troubling, the **Dutch National Cyber Security Center** confirmed this flaw is already **being exploited in the wild**, though a public exploit has not yet surfaced.

Adding to the urgency, **there are no workarounds**. Organizations must apply SAP’s patch, which was released on **August 12**.

## More Critical Bugs in SAP NetWeaver

SAP’s **September security update** also fixed **three critical vulnerabilities** in **NetWeaver**, the platform that powers key applications like **ERP**, **CRM**, and **SCM**.

**Top vulnerabilities include:**

- **[CVE-2025-42944](https://www.cve.org/CVERecord?id=CVE-2025-42944) (CVSS 10.0)**: An **unauthenticated attacker** can exploit this **deserialization flaw** in **NetWeaver ServerCore** via the **RMI-P4** protocol to execute **arbitrary OS commands**.
- **CVE-2025-42922 (CVSS 9.9)**: A **file operations bug** in NetWeaver AS Java that lets attackers **upload arbitrary files** and potentially **compromise the system**.
- **CVE-2025-42958 (CVSS 9.1)**: A **missing authentication check** that enables **high-privileged users** to **read, modify, or delete sensitive data** and gain access to admin features.

**SAP also patched other high-severity bugs, including:**

- **CVE-2025-42916 (CVSS 8.1)** in **S/4HANA**, which lets attackers **delete database tables** if proper authorization is not in place.
- **CVE-2025-42933** and **CVE-2025-42929**, which involve **insecure storage of credentials** and **input validation issues** in Business One and SLT Replication Server.

## Complex SAP Landscapes Slow Down Patching

Stross noted that many enterprises are struggling to patch quickly: “Unfortunately, we continue to see hundreds of organizations that remain unpatched. Applying a fix in an SAP landscape is not as simple as updating a single system.”

SAP environments often span **multiple interconnected platforms**, each **deeply customized**. This makes timely patching difficult and increases the risk of prolonged exposure to serious vulnerabilities.

## Security Experts Recommend Immediate Action

While **CVE-2025-42957** is already being exploited, there’s no evidence yet that the newer vulnerabilities are being used in active attacks. However, experts stress that companies should not wait for proof of exploitation before acting.

**Onapsis**, a security firm that closely tracks SAP flaws, recommends filtering access to the **P4 port** as a temporary workaround for CVE-2025-42944, but strongly advises installing the patch as the primary fix.

## SQ Magazine’s Takeaway

This is exactly the kind of situation where **waiting is not an option**. SAP systems are the heart of many businesses. These are not just bugs. They are **doors wide open** to attackers who are already walking through one of them. If your organization runs **S/4HANA** or **NetWeaver**, stop everything and patch. I know patching SAP isn’t easy. It’s messy, interconnected, and a pain to test. But ignoring this risk is worse. Don’t let bureaucracy or complexity be the reason your data ends up on the [dark web](https://sqmagazine.co.uk/dark-web-statistics/).