Articles tagged with: #insecure-deserialization
New SAP NetWeaver Vulnerabilities Allow Attackers to Bypass Authorization and Execute OS Commands

Cyber Security News cybersecuritynews.com

SAP released its October 2025 Security Patch Day fixes, addressing 13 new vulnerabilities and updating four prior notes, with several critical flaws in NetWeaver enabling attackers to sidestep authorization and run arbitrary operating system commands on affected systems. Among the most alarming is CVE-2025-42944, an insecure deserialization issue in SAP NetWeaver AS Java's RMI-P4 module,

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

The Hacker News thehackernews.com

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization. "Due to a deserialization vulnerability in SAP NetWeaver, an