As hackers exploit one high-severity SAP flaw, company warns of 3 more

A significant high-severity vulnerability in SAP's flagship Enterprise Resource Planning (ERP) software is currently being exploited by hackers, prompting urgent warnings from the company about additional security risks. SAP has identified over two dozen recently discovered vulnerabilities across its widely used products, including one critical flaw rated at the maximum severity level of 10. On Tuesday, SAP disclosed the alarming details surrounding this vulnerability, known as CVE-2025-42944, which has been found in its NetWeaver platform. This platform acts as the technical backbone for many of SAP’s enterprise applications. The critical flaw allows unauthenticated attackers to execute commands by sending malicious payloads to an open port, utilizing a deserialization vulnerability that has severe implications for data integrity. In its announcement, SAP also highlighted three additional high-severity vulnerabilities within NetWeaver, rated at 9.9, 9.6, and 9.1. This wave of disclosures comes shortly after the security firm SecurityBridge revealed that another high-severity vulnerability, CVE-2025-42957, which SAP addressed last month, was already being actively exploited. This particular vulnerability is associated with SAP S/4HANA, a suite designed to manage the intricate business processes of large organizations, including finance, accounting, and human resources. As the situation develops, businesses reliant on SAP's software are urged to take immediate action to safeguard their systems against these critical vulnerabilities.