CVE-2025-42944: Maximum-Severity OS Command Execution Vulnerability in SAP NetWeaver

On September 9, 2025, SAP released its September 2025 Security Patch Day update with patches for 21 vulnerabilities. The most severe of these, CVE-2025-42944, is a maximum-severity vulnerability in SAP NetWeaver involving deserialization of untrusted Java objects; it resides in the RMI-RP4 module. A remote unauthenticated threat actor can exploit this vulnerability by submitting a malicious payload to an open port to achieve arbitrary OS command execution.

SAP Commerce Cloud Implementation: A Practical Guide with Qnovate

Driving omnichannel excellence requires a strategic SAP Commerce Cloud implementation that seamlessly integrates front-end experiences with back-end operations. Qnovate enables enterprises to deploy scalable, cloud-native commerce ecosystems, leveraging modular architectures.

Get started with HaloSHARE in 3 steps

HaloSHARE streamlines and secures your workflows with internal colleagues and external partners. Here’s how you can get started in 3 simple steps. Digital supply chains require seamless workflows to function. Be it large multi-partner infrastructure projects or two-way collaboration with a custom parts supplier, digital supply chain security measures must therefore improve - not impede - the production process.

SAP Zero-Day CVE-2025-31324: Unauthenticated RCE in NetWeaver VCFRAMEWORK

SAP disclosed a critical RCE vulnerability (CVE-2025-31324) on April 24, 2025, impacting the Visual Composer Framework in NetWeaver Application Server Java, version 7.50. This flaw poses a serious risk to enterprises relying on SAP NetWeaver for their mission-critical operations. Unauthenticated attackers can exploit this vulnerability to upload and run arbitrary files on SAP servers, potentially resulting in complete system compromise.

Emerging Threat: SAP NetWeaver Visual Composer CVE-2025-31324

On April 24th, 2025, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability (CVSS 10.0) affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. This vulnerability fails to restrict file upload content, allowing unauthenticated remote attackers to achieve full remote code execution (RCE) on affected servers.

CVE-2025-31324: Maximum-Severity File Upload Vulnerability in SAP NetWeaver Exploited in the Wild

On April 24, 2025, SAP released fixes for CVE-2025-31324, a maximum-severity zero-day unrestricted file upload vulnerability in the NetWeaver Visual Composer component. Visual Composer is a tool within NetWeaver for creating applications and user interfaces. The vulnerability was discovered by ReliaQuest, which initially observed its exploitation in the wild.

Digital supply chain security: How to secure your supply chain with DLP and Secude

Data loss prevention (DLP) software provides strong protection after data is stored; Secude provides Zero Trust protection before data is stored. Together, they secure your digital supply chain. Ensuring digital supply chain security is a fundamental part of the EU’s NIS2 Directive - and for good reason. In recent years, digital supply chains have become the main targets of cyberwarfare, with supply chain attacks rising 2,600% since 2018.

CVE-2017-12637: Exploitation of SAP NetWeaver Directory Traversal Vulnerability

On March 19, 2025, CISA issued a warning about the active exploitation of CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver AS Java. This vulnerability, originally patched in 2017, has resurfaced due to incomplete mitigations, leading to increased risks for organizations using outdated or misconfigured SAP environments.

Protect Your SAP HANA Data With Air-Gapped Rubrik Solution

SAP HANA is a multi-model database that stores data in memory instead of on disk to handle high-speed transactions and real-time analytics simultaneously. Unlike traditional databases that rely heavily on disk I/O, SAP HANA's in-memory storage allows for significantly faster query execution and data processing, making it ideal for modern enterprise workloads. SAP HANA supports both OLTP (Online Transaction Processing) and OLAP (Online Analytical Processing) workloads within a single system.