CVE-2025-42944 PoC — Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)

Title: Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4) (CVE-2025-42944)
Description: Detection for CVE-2025-42944
# CVE-2025-42944

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting a malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.

## How does this detection method work?

This detection method sends a GET request and identifies SAP NetWeaver Application Server instances through their `Server` headers. It extracts the version number using regex, then uses a DSL matcher to check whether the detected version is 7.50 or below, which would indicate potential vulnerability to the deserialization exploit in the RMI-P4 module.
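The version check described above, as an added Python example that is not the template's own code. The banner layout, the regex, the verdict names and the sample hosts and headers are assumptions constructed for illustration.

```python
import re

# Assumed banner layout: product name followed by a dotted version.
# The template's own regex is not shown on this page.
BANNER_RE = re.compile(r"SAP NetWeaver Application Server\s+(\d+)\.(\d+)", re.I)
PRODUCT = "sap netweaver application server"
THRESHOLD = (7, 50)  # "7.50 or below", as stated in the README


def server_header(headers):
    """HTTP header names are case-insensitive, so match 'server' in any case."""
    for name, value in headers.items():
        if name.lower() == "server":
            return value
    return ""


def classify(headers):
    """Return (verdict, version) for one response's headers.

    not-sap : no SAP NetWeaver banner in the Server header
    unknown : SAP banner present, but no dotted version to compare
    flagged : version <= 7.50; check the patch level against the SAP Note
    above   : version > 7.50
    """
    server = server_header(headers)
    if PRODUCT not in server.lower():
        return ("not-sap", None)
    match = BANNER_RE.search(server)
    if match is None:
        return ("unknown", None)
    # Compare as integer tuples: as strings, "10.0" would sort below "7.50".
    version = (int(match.group(1)), int(match.group(2)))
    return ("flagged" if version <= THRESHOLD else "above", version)


# Constructed sample responses (hypothetical hosts, not real scan output).
SAMPLES = {
    "sap-a.example.test": {"Server": "SAP NetWeaver Application Server 7.50"},
    "sap-b.example.test": {"server": "SAP NetWeaver Application Server 7.31"},
    "sap-c.example.test": {"Server": "SAP NetWeaver Application Server 10.0"},
    "sap-d.example.test": {"Server": "SAP NetWeaver Application Server / ABAP 740"},
    "web.example.test": {"Server": "nginx"},
    "bare.example.test": {},
}

if __name__ == "__main__":
    for host, headers in SAMPLES.items():
        print(host, *classify(headers))
```

A `flagged` result is a triage signal only: the release number in the banner does not show whether the fix from the referenced SAP Note has been applied.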

## How do I run this script?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml` 

### Example Output

<img width="646" height="260" alt="Screenshot 2025-09-11 at 11 53 27" src="https://github.com/user-attachments/assets/36ffc079-c002-446d-bb9b-b029e052f3ca" />



## References

- https://nvd.nist.gov/vuln/detail/CVE-2025-42944
- https://me.sap.com/notes/3634501
- https://www.bleepingcomputer.com/news/security/sap-fixes-maximum-severity-netweaver-command-execution-flaw/


## Disclaimer

Use at your own risk. I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.


## Contact

Feel free to reach out via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw) if you have any questions.