CVE-2025-42944 is a critical vulnerability classified under CWE-502 (Deserialization of Untrusted Data) affecting SAP NetWeaver SERVERCORE 7.50, specifically its RMI-P4 module. The vulnerability arises from improper handling of serialized Java objects received over an open network port. An attacker can send crafted malicious payloads that, when deserialized by the vulnerable component, allow arbitrary code execution at the operating system level. This means the attacker can execute commands with the privileges of the SAP NetWeaver process, potentially leading to full system compromise. The vulnerability requires no authentication or user interaction, making it highly exploitable remotely. The CVSS v3.1 base score of 10.0 indicates maximum severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and complete impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits are currently known, the criticality and ease of exploitation make this a significant threat to organizations running the affected SAP NetWeaver version. SAP has not yet published patches, increasing the urgency for organizations to implement compensating controls.

The impact of CVE-2025-42944 is severe for organizations worldwide using SAP NetWeaver SERVERCORE 7.50. Successful exploitation can lead to arbitrary OS command execution, enabling attackers to take full control of the affected system. This compromises the confidentiality of sensitive business data, integrity of critical enterprise applications, and availability of essential services. Given SAP NetWeaver's role in many enterprise resource planning (ERP) and business process environments, exploitation could disrupt business operations, cause data breaches, and facilitate lateral movement within corporate networks. The vulnerability's unauthenticated and remote exploitation vector increases the risk of widespread attacks, including ransomware deployment or espionage. Organizations may face regulatory penalties, financial losses, and reputational damage if exploited.

1. Immediately restrict network access to the RMI-P4 service port using firewalls or network segmentation to limit exposure to untrusted networks. 2. Monitor network traffic for unusual or unexpected serialized Java object payloads targeting the RMI-P4 port. 3. Apply any available SAP security advisories or patches as soon as they are released; if patches are not yet available, engage SAP support for guidance. 4. Implement application-layer filtering or intrusion prevention systems capable of detecting and blocking malicious deserialization attempts. 5. Conduct thorough audits of SAP NetWeaver configurations to disable unnecessary services or modules, including RMI-P4 if not required. 6. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect anomalous process behavior indicative of exploitation. 7. Maintain up-to-date backups and incident response plans to quickly recover from potential compromises. 8. Educate system administrators and security teams about the vulnerability and signs of exploitation to enhance detection and response capabilities.