## https://sploitus.com/exploit?id=F6FC129C-3BF2-5E49-BF72-2678619B3674
# CVE-2025-42944
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
## How does this detection method work?
This detection method works by sending a GET request to identify SAP NetWeaver Application Server instances through their server headers, extracting the version number using regex, and then using a DSL matcher to check if the detected version is 7.50 or below, which would indicate potential vulnerability to the deserialization exploit in the RMI-P4 module.
## How do I run this script?
1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml`
### Example Output
## References
- https://nvd.nist.gov/vuln/detail/CVE-2025-42944
- https://me.sap.com/notes/3634501
- https://www.bleepingcomputer.com/news/security/sap-fixes-maximum-severity-netweaver-command-execution-flaw/
## Disclaimer
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
## Share This Detection Capability
---
## Contact
Feel free to reach out via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw) if you have any questions.