CVE-2025-42944: CWE-502: Deserialization of Untrusted Data in SAP_SE SAP Netweaver (RMI-P4)
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting a malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
AI Analysis
Technical Summary
CVE-2025-42944 is a critical security vulnerability identified in SAP NetWeaver SERVERCORE 7.50, specifically within the RMI-P4 module. The vulnerability arises from improper handling of Java object deserialization, classified under CWE-502 (Deserialization of Untrusted Data). An attacker can exploit this flaw by sending crafted malicious serialized Java objects to an exposed RMI-P4 service port without requiring authentication or user interaction. Successful exploitation allows arbitrary operating system command execution on the affected server, compromising the confidentiality, integrity, and availability of the system and potentially the broader enterprise environment. The vulnerability has a CVSS v3.1 base score of 10.0, indicating maximum severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and scope changed (S:C). This means the attacker can remotely and easily exploit the vulnerability to gain full control over the system. SAP NetWeaver is widely used in enterprise environments for critical business processes, making this vulnerability particularly dangerous. Although no public exploits have been reported yet, the criticality and ease of exploitation make it a prime target for threat actors. The lack of available patches at the time of disclosure necessitates immediate defensive measures to mitigate risk.
Potential Impact
The impact of CVE-2025-42944 on European organizations is substantial due to SAP NetWeaver's widespread deployment in critical sectors such as manufacturing, finance, logistics, and public administration. Exploitation can lead to full system compromise, allowing attackers to execute arbitrary commands, steal sensitive data, disrupt business operations, or deploy ransomware. Confidentiality breaches could expose personal data protected under GDPR, leading to regulatory penalties and reputational damage. Integrity violations may corrupt business-critical data, affecting decision-making and operational reliability. Availability impacts could result in downtime of essential services, causing financial losses and operational delays. Given the vulnerability requires no authentication and no user interaction, the attack surface is broad, increasing the likelihood of successful exploitation. European organizations with exposed RMI-P4 ports or insufficient network segmentation are particularly vulnerable. The threat also extends to supply chain partners and customers connected to affected SAP systems, amplifying the risk.
Mitigation Recommendations
1. Immediate network-level mitigation: Restrict access to the RMI-P4 service port using firewalls and network segmentation to limit exposure only to trusted internal systems.
2. Monitor network traffic for unusual or unexpected serialized Java object payloads targeting the RMI-P4 port.
3. Implement strict ingress filtering and intrusion detection/prevention systems (IDS/IPS) tuned to detect deserialization attack patterns.
4. Apply SAP security notes and patches as soon as they become available from SAP to remediate the vulnerability.
5. Conduct thorough audits of SAP NetWeaver configurations to ensure no unnecessary services are exposed externally.
6. Employ application-layer security controls such as Web Application Firewalls (WAFs) with custom rules to block malicious payloads.
7. Establish incident response plans specifically addressing potential exploitation of deserialization vulnerabilities.
8. Educate IT and security teams about the risks of deserialization attacks and signs of compromise.
9. Regularly update and patch all related infrastructure components to reduce the attack surface.
10. Engage with SAP support and threat intelligence providers for timely updates and indicators of compromise.
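Recommendations 2 and 3 above ask for monitoring of serialized Java objects reaching the RMI-P4 port. The following is an added example, not code from this advisory, from OffSeq, or from SAP, of the detection logic a defender can run over reassembled client-to-server payloads: it keys on the Java serialization stream header (0xACED0005), decodes the outermost class name when the stream opens with the common TC_OBJECT/TC_CLASSDESC sequence, and raises an alert only when the sender is not on an allowlist. The P4 port 50004 (instance 00), the allowlisted host and the sample flows are all assumed or constructed values for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Every Java serialization stream opens with STREAM_MAGIC (0xACED) followed by
# STREAM_VERSION (0x0005); this is the cheapest network-level indicator that a
# serialized object is being sent to a service that should only see trusted input.
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
TC_OBJECT = 0x73       # type code: start of a new object
TC_CLASSDESC = 0x72    # type code: class descriptor (name, serialVersionUID, flags, fields)


@dataclass
class Flow:
    """One reassembled client-to-server payload (constructed for this example)."""
    src: str
    dst_port: int
    payload: bytes


def first_class_name(payload: bytes) -> Optional[str]:
    """Return the class name of the outermost object in a serialization stream.

    Only the common TC_OBJECT/TC_CLASSDESC opening is decoded; anything else
    (string-only streams, back-references, truncated data) yields None, so the
    caller still alerts on the magic alone and never relies on the parse result.
    """
    if not payload.startswith(JAVA_SERIAL_MAGIC):
        return None
    i = len(JAVA_SERIAL_MAGIC)
    if len(payload) < i + 4 or payload[i] != TC_OBJECT or payload[i + 1] != TC_CLASSDESC:
        return None
    i += 2
    (name_len,) = struct.unpack_from(">H", payload, i)   # modified-UTF-8 length prefix
    i += 2
    name = payload[i:i + name_len]
    if len(name) != name_len:
        return None          # truncated stream
    return name.decode("utf-8", errors="replace")


def inspect_flow(flow: Flow, rmi_p4_port: int, trusted_sources: frozenset) -> Optional[dict]:
    """Return an alert record when a serialized Java object is sent to the RMI-P4
    port by a host outside the allowlist; otherwise return None."""
    if flow.dst_port != rmi_p4_port:
        return None
    offset = flow.payload.find(JAVA_SERIAL_MAGIC)   # magic may follow a protocol prefix
    if offset < 0 or flow.src in trusted_sources:
        return None
    return {
        "src": flow.src,
        "dst_port": flow.dst_port,
        "magic_offset": offset,
        "class_name": first_class_name(flow.payload[offset:]),
        "reason": "serialized Java object to RMI-P4 from non-allowlisted host",
    }


def _serialized_stub(class_name: str) -> bytes:
    """Constructed minimal stream: magic, TC_OBJECT, TC_CLASSDESC, class name,
    serialVersionUID (8 bytes), flags (SC_SERIALIZABLE), field count 0."""
    name = class_name.encode("utf-8")
    return (JAVA_SERIAL_MAGIC + bytes([TC_OBJECT, TC_CLASSDESC])
            + struct.pack(">H", len(name)) + name
            + b"\x00" * 8 + b"\x02" + b"\x00\x00")


# Constructed sample traffic; addresses are documentation ranges, not real hosts.
SAMPLE_FLOWS = [
    Flow("10.0.5.20", 50004, _serialized_stub("java.util.HashMap")),    # allowlisted app server
    Flow("203.0.113.7", 50004, _serialized_stub("java.util.HashMap")),  # unknown external host
    Flow("203.0.113.7", 50000, b"GET / HTTP/1.1\r\n"),                   # not the P4 port
    Flow("198.51.100.9", 50004, b"\x00\x01" + JAVA_SERIAL_MAGIC + b"\x74\x00\x02hi"),  # magic after a prefix, string-only stream
]


def run(rmi_p4_port: int = 50004, trusted: frozenset = frozenset({"10.0.5.20"})) -> list:
    """Evaluate the sample flows and return the alerts that fire (assumed port/allowlist)."""
    return [a for a in (inspect_flow(f, rmi_p4_port, trusted) for f in SAMPLE_FLOWS) if a]


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Legitimate P4 traffic between SAP components also carries serialized objects, so the stream header by itself is not an indicator of attack; the value of this check comes from pairing it with the allowlist that recommendation 1 establishes, which is why allowlisted sources are suppressed rather than logged at alert severity.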
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: sap
- Date Reserved: 2025-04-16T13:25:37.187Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68bf8dfad5a2966cfc85817c
Added to database: 9/9/2025, 2:16:26 AM
Last enriched: 11/12/2025, 7:08:48 PM
Last updated: 12/13/2025, 6:12:20 PM
Views: 435
Related Threats
- CVE-2025-14621: SQL Injection in code-projects Student File Management System (Medium)
- CVE-2025-14620: SQL Injection in code-projects Student File Management System (Medium)
- CVE-2025-14619: SQL Injection in code-projects Student File Management System (Medium)
- CVE-2025-14617: Path Traversal in Jehovahs Witnesses JW Library App (Medium)
- CVE-2025-14607: Memory Corruption in OFFIS DCMTK (Medium)