Platform
sap
Component
sap-netweaver-as-java-deploy-web-service
Fixed in
2.0.1
CVE-2025-42922 affects SAP NetWeaver AS Java, specifically the Deploy Web Service component. An authenticated, non-administrative user can use the flaw to upload arbitrary files, which can lead to a complete compromise of the system's confidentiality, integrity, and availability. The affected release is 7.50 (component J2EE-APPS 7.50); SAP delivers the correction in Security Note 3643865.
The impact of CVE-2025-42922 is severe. An attacker, once authenticated, can leverage the flaw in the Deploy Web Service to upload malicious files. These files, upon execution, could grant the attacker complete control over the affected SAP NetWeaver AS Java system. This includes the ability to steal sensitive data, modify system configurations, install malware, and disrupt operations. The potential for lateral movement within the network is significant, as a compromised SAP system often serves as a central point for accessing other critical resources. The blast radius extends to all data and services hosted on the affected system, making this a high-priority vulnerability to address.
CVE-2025-42922 was publicly disclosed on September 9, 2025. Its CVSS rating is CRITICAL, which reflects the severity of a successful attack, not its likelihood; the EPSS value shown on this page (0.09%) puts the estimated near-term exploitation probability low at the time of writing. No public proof-of-concept (PoC) has been released so far, but the low bar for exploitation (any authenticated account, with no administrative rights required) makes it a plausible target once exploit details circulate. Monitor security advisories and threat intelligence feeds for signs of active exploitation campaigns. This vulnerability has not yet been added to the CISA KEV catalog.
Exploit Status
EPSS
0.09% (25th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-42922 is to apply the correction SAP provides in Security Note 3643865. Until the note is applied, reduce the attack surface with temporary workarounds: restrict access to the Deploy Web Service to the accounts that legitimately deploy software, and reject uploads of executable or deployable artifacts where you have a control point in front of the service. A Web Application Firewall (WAF) can filter requests to the vulnerable endpoint, but it only sees what is observable in the request and is not a substitute for the patch. Monitor HTTP access and system logs for file-upload activity by unexpected accounts and for unusual process executions that follow such uploads.
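The monitoring step above (and the earlier advice to watch for signs of exploitation) is easiest to make concrete as a log-scanning script. The following Python is an added example written for this page; it is not SAP's code or tooling. It assumes an Apache-style combined access-log format, that the Deploy Web Service is reachable under a URL containing "deploy" (a placeholder, to be replaced with the exact path exposed on your system), and an administrator allowlist that is also a placeholder. The log lines are constructed for the example.

```python
"""Flag file-upload requests to the Deploy Web Service by non-administrative accounts.

Added example for this page. Assumptions are marked in comments; adjust them
to your environment before relying on the output.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Assumption: Apache/ICM-style combined log format (ip ident user [ts] "req" status size ...).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: the Deploy Web Service is served under a path containing "deploy".
# This is a placeholder pattern, not SAP's documented URL; replace it with the real path.
DEPLOY_PATH_RE = re.compile(r"deploy", re.IGNORECASE)

# Assumption: accounts that are expected to deploy software on this system (placeholder).
ADMIN_USERS = {"j2ee_admin"}

# Artifact types whose upload by an unexpected account warrants immediate investigation.
RISKY_EXTENSIONS = (".jsp", ".war", ".ear", ".sda", ".sca", ".class", ".jar")

# Constructed sample log lines for the example; these are not real SAP logs.
SAMPLE_LOG = """\
10.0.0.5 - jdoe [10/Sep/2025:08:01:12 +0000] "GET /irj/portal HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - jdoe [10/Sep/2025:08:02:40 +0000] "POST /DeployWebService HTTP/1.1" 200 312 "-" "python-requests/2.31"
10.0.0.9 - jdoe [10/Sep/2025:08:02:41 +0000] "PUT /DeployWebService/upload?file=shell.jsp HTTP/1.1" 200 88 "-" "python-requests/2.31"
10.0.0.7 - j2ee_admin [10/Sep/2025:09:15:00 +0000] "POST /DeployWebService HTTP/1.1" 200 312 "-" "SAP NetWeaver Developer Studio"
10.0.0.9 - - [10/Sep/2025:08:03:10 +0000] "POST /DeployWebService HTTP/1.1" 401 0 "-" "python-requests/2.31"
"""


@dataclass
class Finding:
    line_no: int
    ip: str
    user: str
    method: str
    target: str
    reasons: list = field(default_factory=list)


def _uploaded_filename(target: str) -> str:
    """Best-effort file name: a 'file'/'filename'/'name' query parameter, else the last path segment."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    for key in ("file", "filename", "name"):
        if key in query:
            return query[key][0]
    return parts.path.rsplit("/", 1)[-1]


def scan(log_text: str, admin_users=ADMIN_USERS, deploy_path=DEPLOY_PATH_RE) -> list:
    """Return findings for accepted upload-style requests (POST/PUT) to the deploy path."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a production version should count these
        method, target, user = m["method"], m["target"], m["user"]
        status = int(m["status"])
        if method not in ("POST", "PUT") or not deploy_path.search(urlsplit(target).path):
            continue
        if status in (401, 403):
            continue  # rejected before any upload; track separately as probing if desired
        reasons = []
        if user == "-":
            reasons.append("accepted upload with no authenticated user in the log")
        elif user not in admin_users:
            reasons.append(f"upload by non-administrative account {user!r}")
        name = _uploaded_filename(target)
        if name.lower().endswith(RISKY_EXTENSIONS):
            reasons.append(f"executable/deployable artifact {name!r}")
        if reasons:
            findings.append(Finding(line_no, m["ip"], user, method, target, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.ip} {f.user} {f.method} {f.target} -> {'; '.join(f.reasons)}")
```

Run against a real access log, the script flags only requests that were accepted (not 401/403) so that brute-force noise does not drown the signal; uploads by allowlisted administrators are still reported when the artifact looks executable, because the vulnerability does not require an administrator but a compromised administrator account would look the same in the log.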
Apply the security update provided by SAP in note 3643865. This will correct the arbitrary file upload vulnerability and prevent potential compromise of the system's confidentiality, integrity, and availability.
CVE-2025-42922 is a critical vulnerability in SAP NetWeaver AS Java that allows authenticated, non-administrative users to upload arbitrary files through the Deploy Web Service, potentially leading to full system compromise. It affects release 7.50 (component J2EE-APPS 7.50).
If you are running SAP NetWeaver AS Java 7.50 (J2EE-APPS 7.50), you are potentially affected by this vulnerability. Assess your environment and prioritize patching.
The recommended fix is to apply the correction from SAP Security Note 3643865. Until it is applied, use temporary workarounds such as restricting access to the Deploy Web Service and validating file uploads where a control point allows it.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest it is likely to become a target. Continuous monitoring is crucial.
Refer to the official SAP Security Notes and Advisories on the SAP Support Portal for the latest information and patch details. Search for the CVE ID to find the relevant advisory.