SAP’s September Surprise: Major NetWeaver Flaws Get the Boot!
SAP’s September 2025 Patch Day revealed 21 new security notes, including critical NetWeaver flaws. Among them, a deserialization issue and a file operation flaw could lead to system compromise. Onapsis Research Labs helped patch two critical flaws, ensuring SAP users can rest easier—unless, of course, they’re napping on the job.

Hot Take:
**_SAP’s September Patch Day feels like a cybersecurity soap opera with more drama than a daytime TV show! Four critical flaws got their moment in the spotlight, and it seems like SAP’s NetWeaver is the star of the show, albeit reluctantly. Get your popcorn ready, because this month’s episode is all about remote code execution, privilege escalation, and a dash of directory traversal for good measure!_**
Key Points:
– SAP issued 21 new and 4 updated security notes, four of which are critical.
– Two critical vulnerabilities were patched in NetWeaver AS Java with the help of Onapsis Research Labs.
– The most severe flaw, CVE-2025-42944, allows remote code execution via malicious payloads.
– A directory traversal flaw from 2023 received an update, highlighting the ongoing saga of cybersecurity.
– It is unclear whether any of the vulnerabilities have been exploited in the wild.