SAP NetWeaver AS Java Insecure Deserialization (October 2025)

Severity: Critical | Nessus Plugin ID 270696

Synopsis

The remote SAP NetWeaver application server is affected by an insecure deserialization vulnerability.

Description

The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by an insecure deserialization vulnerability as disclosed in the SAP Security Patch Day October 2025:

- Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting a malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact on the application's confidentiality, integrity, and availability. (CVE-2025-42944)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the appropriate patch according to the vendor advisory.

See Also

http://www.nessus.org/u?9950e280

https://me.sap.com/notes/3660659

Plugin Details

Severity: Critical

ID: 270696

File Name: sap_netweaver_as_java_oct_2025.nasl

Version: 1.2

Type: remote

Family: Web Servers

Published: 10/17/2025

Updated: 10/17/2025

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.9

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-42944

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:sap:netweaver_application_server

Required KB Items: Settings/ParanoidReport, installed_sw/SAP Netweaver Application Server (AS)

Patch Publication Date: 9/8/2025

Vulnerability Publication Date: 9/8/2025

Reference Information

CVE: CVE-2025-42944

IAVB: 2025-A-0739