CVE-2025-42944 PoC — SAP NetWeaver 代码问题漏洞

Source

https://github.com/rxerium/CVE-2025-42944

Associated Vulnerability

Title:SAP NetWeaver 代码问题漏洞 (CVE-2025-42944)
Description:SAP NetWeaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。 SAP NetWeaver存在代码问题漏洞，该漏洞源于反序列化漏洞，可能导致执行任意OS命令。

Description

Detection for CVE-2025-42944

Readme

# CVE-2025-42944

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.

## How does this detection method work?

This detection method works by sending a GET request to identify SAP NetWeaver Application Server instances through their server headers, extracting the version number using regex, and then using a DSL matcher to check if the detected version is 7.50 or below, which would indicate potential vulnerability to the deserialization exploit in the RMI-P4 module.

## How do I run this script?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml` 

### Example Output

<img width="646" height="260" alt="Screenshot 2025-09-11 at 11 53 27" src="https://github.com/user-attachments/assets/36ffc079-c002-446d-bb9b-b029e052f3ca" />



## References

- https://nvd.nist.gov/vuln/detail/CVE-2025-42944
- https://me.sap.com/notes/3634501
- https://www.bleepingcomputer.com/news/security/sap-fixes-maximum-severity-netweaver-command-execution-flaw/


## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

## Share This Detection Capability

<div align="center">
  <a href="https://twitter.com/intent/tweet?text=Check%20out%20this%20CVE%20detection%20template%20by%20@rxerium!&url=https://github.com/rxerium/poc-template" target="_blank">
    <img src="https://img.shields.io/badge/🐦%20Share%20on-Twitter-lightgrey?style=flat&logo=twitter&logoColor=1DA1F2" alt="Share on Twitter"/>
  </a>
  <a href="https://www.linkedin.com/sharing/share-offsite/?url=https://github.com/rxerium/poc-template" target="_blank">
    <img src="https://img.shields.io/badge/💼%20Share%20on-LinkedIn-lightgrey?style=flat&logo=linkedin&logoColor=0077B5" alt="Share on LinkedIn"/>
  </a>
  <a href="mailto:?subject=CVE%20Detection%20Template&body=Check%20out%20this%20interesting%20CVE%20detection%20template%20by%20rxerium:%20https://github.com/rxerium/poc-template" target="_blank">
    <img src="https://img.shields.io/badge/%20Share%20via-Email-lightgrey?style=flat&logo=gmail&logoColor=D14836" alt="Share via Email"/>
  </a>
</div>

---

## Contact

Feel free to reach out via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw) if you have any questions.

File Snapshot


 [4.0K]  /data/pocs/8b5ec6b1bbca93d0de3cc646baf8e0dfaf6b287f
├── [1.2K]  CVE-2025-42944.yaml
└── [2.7K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!