Ethical Hacking News
Patch Tuesday brought a slew of critical updates from tech giants like Microsoft, Adobe, and Cisco. While Microsoft's patches were largely uneventful, SAP users are facing a more daunting challenge due to the numerous vulnerabilities in its flagship NetWeaver application.
Microsoft released eight security patches on Patch Tuesday, including two high-priority fixes and one critical flaw that allowed code execution over the network. SAP's latest update revealed four critical vulnerabilities in its flagship NetWeaver application, including one with a perfect 10 CVSS score. The CVE-2025-42944 vulnerability allows an unauthenticated attacker to compromise confidentiality, integrity, and availability of the system. Adobe issued 22 patches on Patch Tuesday, including critical fixes for ColdFusion and Commerce products. Android users received their biggest patch bundle of the year with 120 fixes, but non-Pixel owners will have to wait for OEM updates. Cisco dropped a quick high-severity patch for its Secure Firewall Adaptive Security Appliance (ASA) software that would allow a denial-of-service attack.
Microsoft's Patch Tuesday was a relatively quiet day for security patches, but that didn't stop the tech giant from delivering some critical updates to its users. On the other hand, ERP giant SAP took center stage as the worst offender when it comes to patching vulnerabilities in its flagship NetWeaver application.
According to recent reports, Microsoft's Patch Tuesday saw the release of eight important security patches, including two high-priority fixes for SMB Server and a critical flaw in the High Performance Compute package that allowed code execution over the network. However, unlike SAP, which seems to be having an unusually poor patching cycle this month, Microsoft's updates were largely uneventful.
In contrast, SAP users are facing a much more daunting challenge as the company's latest update revealed four critical vulnerabilities in NetWeaver, including one that scores a perfect 10 on the CVSS scale. This flaw involves deserialization and allows an attacker to abuse authentication privileges in the RMI-P4 module used to distribute Java objects.
The vulnerability known as CVE-2025-42944 is particularly concerning, as it allows an unauthenticated attacker to compromise confidentiality, integrity, and availability of the system. SAP users have been warned that they need to patch this issue ASAP to avoid potential security breaches.
Moreover, NetWeaver has two more critical issues: CVE-2023-27500, which allows anyone to overwrite system files in the control system for SAPRSBRO, and CVE-2025-42958, which can give access to admin-level read/write privileges. IBM i-series users are advised to be extra cautious when dealing with these vulnerabilities.
The vulnerability patching landscape was not limited to Microsoft alone, as Adobe also issued 22 patches on the second Tuesday of the month. The company delivered a critical fix for ColdFusion versions released between 2021 and 2025, which addresses a file system overwriting bug. Additionally, Adobe patched several critical vulnerabilities in its Commerce and Magento products.
Furthermore, Android users were treated to its biggest patch bundle of the year - 120 fixes with two of them already being used in the wild. However, non-Pixel owners will have to wait until their OEM issues an update for these patches.
Lastly, Cisco dropped a quick high-severity patch for its Secure Firewall Adaptive Security Appliance (ASA) software that would allow a denial-of-service attack.
In conclusion, Patch Tuesday saw a mixed bag of security updates from various tech giants. While Microsoft's patches were largely uneventful, SAP users are facing a more daunting challenge due to the numerous vulnerabilities in NetWeaver. As always, it is crucial for users to stay vigilant and apply these patches as soon as possible to avoid potential security breaches.
Patch Tuesday brought a slew of critical updates from tech giants like Microsoft, Adobe, and Cisco. While Microsoft's patches were largely uneventful, SAP users are facing a more daunting challenge due to the numerous vulnerabilities in its flagship NetWeaver application.
Related Information:
https://www.ethicalhackingnews.com/articles/Patch-Tuesday-The-Great-Vulnerability-Showdown---SAP-Takes-the-Cake-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/09/10/microsoft_patch_tuesday/
https://nvd.nist.gov/vuln/detail/CVE-2023-27500
https://www.cvedetails.com/cve/CVE-2023-27500/
https://nvd.nist.gov/vuln/detail/CVE-2025-42944
https://www.cvedetails.com/cve/CVE-2025-42944/
https://nvd.nist.gov/vuln/detail/CVE-2025-42958
https://www.cvedetails.com/cve/CVE-2025-42958/
Published: Tue Sep 9 23:14:44 2025 by llama3.2 3B Q4_K_M
