CVE-2025-31324

Published Apr 24, 2025

Last updated 9 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.

Description
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
Source
cna@sap.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
SAP NetWeaver Unrestricted File Upload Vulnerability
Exploit added on
Apr 29, 2025
Exploit action due
May 20, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cna@sap.com
CWE-434

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

38

  1. Ransomware su SAP NetWeaver: sfruttato il CVE-2025-31324 per l’esecuzione remota di codice 📌 Link all'articolo : https://t.co/8p79rP5cVD #redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy ht

    @redhotcyber

    15 May 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    15 May 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. A recently disclosed critical security flaw (CVE-2025-31324) impacting the #SAP #NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. #Cybersecurity #infosec #cybercrime https://t.co/0d0wEfi7V9 https://t.co/CDjoV8NLR

    @twelvesec

    14 May 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Chinese hackers are using a fresh bug in SAP’s NetWeaver software (CVE-2025-31324) to slip into factories, utilities and other critical sites around the world. If your company runs SAP, install the patch or take servers offline right now. #CyberSecurity

    @unitv_network

    14 May 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Chinese APT groups exploit SAP NetWeaver 0-day (CVE-2025-31324) to target critical infrastructures worldwide. Organizations must patch systems and enhance security measures. #CyberSecurity #SAP #APT https://t.co/BT1HjBXk2Y

    @dailytechonx

    14 May 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Cybercriminals, including RansomEXX, BianLian, and Chinese APTs, are exploiting CVE-2025-31324 to remotely target unpatched SAP NetWeaver systems, risking global infrastructure & federal agencies. Patch now! ⚠️ #CyberThreat #SAPVuln #USA https://t.co/H7jvH1299H

    @TweetThreatNews

    14 May 2025

    89 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  7. 🔥 Two ransomware gangs—BianLian and RansomExx—are now exploiting a critical SAP flaw (CVE-2025-31324). They’re not alone. Nation-state hackers are in the mix too. One exploit. Full system access. 🔗 Read the full breakdown: https://t.co/bnqxoQLk8s

    @TheHackersNews

    14 May 2025

    11366 Impressions

    35 Retweets

    103 Likes

    12 Bookmarks

    0 Replies

    2 Quotes

  8. #threatreport #HighCompleteness China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures | 13-05-2025 Source: https://t.co/UEgIvOxUjn Key details below ↓ 🧑‍💻Actors/Campaigns: Cl-sta-0048 (🧠motivation: cyber_espionage)

    @rst_cloud

    14 May 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. 🚨 Chinese Threat Actors Exploit Critical SAP RCE Flaw (CVE-2025-31324) https://t.co/An3tNs0uvw A China-linked group, Chaya_004, is actively exploiting a critical SAP NetWeaver vulnerability (CVSS 10.0) to deploy SuperShell backdoors across industries like energy,

    @Huntio

    14 May 2025

    447 Impressions

    5 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  10. 🇨🇳Grupos vinculados a China aprovechan la vulnerabilidad en SAP CVE-2025-31324 para para atacar infraestructuras críticas en 581 sistemas de todo el mundo https://t.co/zVx6JgFLwC https://t.co/tqj2hWJc5D

    @elhackernet

    14 May 2025

    9393 Impressions

    77 Retweets

    173 Likes

    37 Bookmarks

    1 Reply

    4 Quotes

  11. Click on to be guided to linked headlines about China like: China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide Chinese Actor Hit Taiwanese Drone Makers, Supply Chains #China https://t.co/7grQOwKDgO

    @00_Anth0ny

    14 May 2025

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    14 May 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures | @EclecticIQ | https://t.co/EujnbYjQC3

    @780thC

    14 May 2025

    1052 Impressions

    12 Retweets

    23 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  14. China-Linked APTs Exploit SAP CVE-2025-31324: 581 Critical Systems Breached Globally A critical vulnerability in SAP NetWeaver (CVE-2025-31324) is being actively exploited by multiple China-linked advanced persistent threat (APT) groups, according to recent analysis. The flaw, h

    @PTechnology_nfo

    14 May 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Click on https://t.co/HUIxAqUPw6 to be guided to linked headlines about China like: China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide Chinese Actor Hit Taiwanese Drone Makers, Supply Chains #China https://t.co/EV7IzaBsHx

    @That_isChina

    14 May 2025

    87 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 China-Linked APTs Exploit SAP CVE-2025-31324 ➡️ 581 critical systems breached globally 🔓 Remote Code Execution (RCE) vulnerability in SAP 🎯 Targets: Finance, energy, and gov infra 📍 Still active — patch immediately! #CyberSecurity #SAP #ZeroDay #APT #CVE202531

    @SecurEpitome

    14 May 2025

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. #China-Linked #APTs #Exploit #SAP #CVE-2025-31324 to #Breach 581 #Critical_Systems #Worldwide https://t.co/wwsvpLIQ4p https://t.co/rzRdD0do4z

    @omvapt

    14 May 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    14 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. 中国関連のAPTがSAPのCVE-2025-31324を悪用し、世界中の581の重要なシステムに侵入 https://t.co/yjidSd2JuW #Security #セキュリティ #ニュース

    @SecureShield_

    14 May 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. SAP、最近の攻撃で悪用された2つ目のゼロデイ脆弱性を修正(CVE-2025-42999、CVE-2025-31324) https://t.co/mnS0LlmVgw #Security #セキュリティ #ニュース

    @SecureShield_

    14 May 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. #China-Linked APTs Exploit #SAP #CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://t.co/vGJN36EZB8

    @ScyScan

    13 May 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. SAP patches two critical vulnerabilities (CVE-2025-31324 & CVE-2025-42999) exploited in recent zero-day attacks to upload web shells & backdoors. Organizations must update SAP NetWeaver now. 🚨 #SAP #CyberThreats #Germany https://t.co/WkjQyqSzYK

    @TweetThreatNews

    13 May 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Chinese threat actors are exploiting SAP CVE-2025-31324 to breach 581 critical systems globally, deploying web shells and malware across sectors like energy and healthcare. 🚨 Stay alert! #CyberRisk #China #CriticalSystems https://t.co/QvOE7hMVlH

    @TweetThreatNews

    13 May 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 SAP May 2025 Patch Tuesday: Critical 0-day (CVE-2025-31324) fixed! 16 new Security Notes & 2 updates tackle NetWeaver vuln. Act now to protect your systems! 🔒💻 #CyberSecurity #SAPSecurity #PatchTuesday #ZeroDay #NetWeaver https://t.co/30RU074Izq

    @CyberWolfGuard

    13 May 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide. A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors... https://t.co/hJ570Cpiuu #InceptusSecure #UnderOurProtection

    @Inceptus3

    13 May 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. SAP’s May 2025 Security Patch Day delivers 16 updates, including critical patches for NetWeaver vulnerabilities like CVE-2025-31324, actively exploited flaws in Visual Composer. Protect your systems now! ⚠️ #SAP #SecurityUpdate #Germany https://t.co/PF1ChE6jn3

    @TweetThreatNews

    13 May 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. China-Linked APTs Exploit SAP #CVE-2025-31324 to #breach 581 Critical Systems Worldwide https://t.co/olh1CfpnzI

    @AdliceSoftware

    13 May 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 📌 تستغل جماعات مرتبطة بالصين ثغرة أمنية حرجة في SAP NetWeaver، المعروفة بـ CVE-2025-31324، لاستهداف أنظمة البنية التحتية الحيوية في جميع أنحاء العالم. تمكنت هذه الجه

    @Cybercachear

    13 May 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://t.co/PPEhp288oa https://t.co/zW5mJGU54T

    @TonyBeeTweets

    13 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 📍China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://t.co/7sr9RMCzbe

    @cyberetweet

    13 May 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. The Hacker News - China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://t.co/XUrM3mcGrn

    @buzz_sec

    13 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 581 SAP servers BREACHED. China-linked APTs are exploiting CVE-2025-31324 to backdoor critical infrastructure—gas, water, and gov sectors across the 🇺🇸 🇬🇧 🇸🇦 3 active hacking groups, persistent access. 🔗 Details here: https://t.co/g1JwIenCu3

    @TheHackersNews

    13 May 2025

    14771 Impressions

    95 Retweets

    179 Likes

    42 Bookmarks

    2 Replies

    7 Quotes

  33. EclecticIQ analysts report that in April 2025, China-nexus APTs exploited SAP NetWeaver vulnerabilities to target critical infrastructures globally, leveraging CVE-2025-31324 for remote code execution and maintaining persistent access. #CyberSecurity #APT https://t.co/sX4uWyALog

    @Cyber_O51NT

    13 May 2025

    1164 Impressions

    10 Retweets

    17 Likes

    1 Bookmark

    0 Replies

    1 Quote

  34. A critical zero-day vulnerability (CVE-2025-31324) in SAP's NetWeaver Visual Composer has been actively exploited, allowing unauthenticated attackers to execute remote commands and compromise systems. The flaw, with a CVSS score of 10.0, affects a significant portion of Java s...

    @CybrPulse

    13 May 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. CVE-2025-31324 is a critical vulnerability in SAP NetWeaver Visual Composer 7.x, allowing remote code execution via malicious web shells. Exploited by Chinese threat actor Chaya004 since April 2025. ⚠️ #SAPVuln #China #CyberThreat https://t.co/YTlGUmuxiU

    @TweetThreatNews

    13 May 2025

    40 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  36. A critical vulnerability (CVE-2025-31324) in SAP NetWeaver was disclosed, allowing unauthorized file uploads and remote control over compromised systems. With a CVSS score of 10.0, this flaw impacts multiple customers, leading to potential data breaches and exploitation throug...

    @CybrPulse

    12 May 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. 💥 Chinese hackers exploit SAP NetWeaver flaw for RCE Threat actor Chaya_004 is exploiting CVE-2025-31324 to deploy shells & malware on unpatched SAP NetWeaver servers. Over 1,200 systems at risk. Patch ASAP. https://t.co/LVNjJJykXh #SAP #CyberAttack #Infosec #CISA https

    @dCypherIO

    12 May 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Les chercheurs de la société #Forescout ont lié une campagne d'exploitation d'une vulnérabilité sur des instances #SAPNetWeaver à un nouveau groupe de pirates chinois. Baptisée CVE-2025-31324, elle présente un score de sévérité critique (CVSS 10) 🤔 https://t.co/zkxl

    @RLDI_Lamy

    12 May 2025

    135 Impressions

    2 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. A támadók aktívan kihasználják az SAP NetWeaver szerver sebezhetőségét Az SAP közzétette a CVE-2025-31324 azonosítójú hitelesítést nem igénylő fájlfeltöltési (unauthenticated file upload) sérülékenységet, amely az SAP NetWeaver Visual Composer, azon belü

    @linuxmint_hun

    12 May 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🚨 New critical SAP NetWeaver RCE vulnerability (CVE-2025-31324) Unauthenticated attackers can upload malicious files via /developmentserver/metadatauploader, leading to full system compromise. Exploited in the wild with web shells & reverse proxies. CVSS 10.0 – patch

    @CareWeDoNot

    12 May 2025

    66 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Unit 42 incident response and telemetry data reveal that attackers exploiting CVE-2025-31324 are deploying specific web shells and tools. This analysis details the reconnaissance commands used and the post-exploitation activities observed: https://t.co/o7pDrG6eJg

    @JimBeasleyCA

    12 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    12 May 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. Threat Brief: CVE-2025-31324 https://t.co/oDFu8bBEgX

    @NiallWilk

    12 May 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. (🧵Thread) Active exploitation of SAP NetWeaver Zero-Day CVE-2025-31324 surges ⬆️ At the end of April, the CrowdSec Network detected a wave of exploitation attempts targeting a critical zero-day vulnerability (CVSS 10.0) in SAP NetWeaver's Visual Composer component. This f

    @Crowd_Security

    12 May 2025

    277 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  45. ⚠️SAP NetWeaverサーバー狙う攻撃に中国のハッカーが関与:CVE-2025-31324 🚓7,000台のIoT、EOLデバイスから成るプロキシボットネットを米・蘭当局が解体 〜サイバーセキュリティ週末の話題〜 https://t.co/CDd0guWFkv #

    @MachinaRecord

    12 May 2025

    117 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. #threatreport #HighCompleteness Threat Brief: CVE-2025-31324 | 10-05-2025 Source: https://t.co/WwToeq2cfz Key details below ↓ 💀Threats: Goreverse, Supershell, Netstat_tool, Nltest_tool, Garble_tool, 🎯Victims: Sap netweaver users, Business analysts, Sap deployments 🌐

    @rst_cloud

    11 May 2025

    117 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeave https://t.co/WERITU4RJi

    @wikinger7

    11 May 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🛡️Vulnerabilidad de SAP bajo ataque desde enero: cientos de empresas ya fueron comprometidas Si usas SAP NetWeaver, ojo con esto. Han ocurrido ataques reales, confirmados y de gran número desde enero de 2025. ⚠️El problema es una vulnerabilidad crítica: CVE-2025-313

    @CycuraMX

    11 May 2025

    1033 Impressions

    11 Retweets

    25 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  49. 🚨 A critical RCE flaw, CVE-2025-31324, is being exploited in SAP NetWeaver by Chaya_004. Unauthenticated attackers can gain control through malicious uploads. #SAP #CyberSecurity #CVE202531324 https://t.co/unbfmhEfxd

    @ivanilves

    11 May 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    11 May 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations