Critical Vulnerabilities in SAP Products (CVE-2025-42890, CVE-2025-42944, CVE-2025-42887)

Published On: Nov 26, 2025 09:28

Advisory No: TZCERT-SA-25-0122

Source: IBM

Software Affected: SQL Anywhere Monitor, SAP NetWeaver AS Java, SAP Solution Manager

Overview

SAP products are affected by critical vulnerabilities. Exploitation of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary code.

Description

SQL Anywhere Monitor, SAP NetWeaver AS Java, and SAP Solution Manager are affected by the vulnerabilities tracked as CVE-2025-42890, CVE-2025-42944, and CVE-2025-42887, with CVSS scores of 10 and 9.9. The affected software is vulnerable due to hard-coded credentials within its code, a deserialization vulnerability in SAP NetWeaver, and missing input sanitization. The vulnerabilities allow attackers to gain unauthorized access and execute arbitrary OS commands by sending a specially crafted request.

Impact

Successful exploitation of these vulnerabilities may allow attackers to take control of the affected system.

Solution

