CVE-2025-31324
Published Apr 24, 2025
Last updated 2 months ago
AI description
CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.
- Description
- SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
- Source
- cna@sap.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- SAP NetWeaver Unrestricted File Upload Vulnerability
- Exploit added on
- Apr 29, 2025
- Exploit action due
- May 20, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cna@sap.com
- CWE-434
- Hype score
- Not currently trending
🚨 Exploitation active de la CVE-2025-31324 (CVSS 10) dans SAP NetWeaver. Le CERT-Sysdream analyse les modes d’attaque, les groupes impliqués, les IoC et les cibles (infras critiques, gouvernement…). 📖 À lire ici absolument : https://t.co/ekUkV1U2dX https://t.co/4AyBP
@Hub_One
17 Jul 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Adversary Infrastructure and Indicators Behind the SAP NetWeaver 0-Day Exploitation | 14-07-2025 Source: https://t.co/zkqaxwyB3u Key details below ↓ 💀Threats: Cobalt_strike_tool, 🔓CVEs: CVE-2025-31324 \[[Vulners](https://t.co/NbtjwfWs3M)]
@rst_cloud
15 Jul 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 🚨 Exploitation active de la CVE-2025-31324 (CVSS 10) dans SAP NetWeaver. Le CERT-Sysdream analyse les modes d’attaque, les groupes impliqués, les IoC et les cibles (infras critiques, gouvernement…). 📖 À lire : https://t.co/r1f9fYa7hu https://t.co/U4xhZO823q
@sysdream
10 Jul 2025
138 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
6 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
6 Jul 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
5 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#threatreport #LowCompleteness SAP NetWeaver CVE-202 | 29-06-2025 Source: https://t.co/tX39Oy2JsU Key details below ↓ 💀Threats: Xmrig_miner, 🎯Victims: Sap netweaver server administrators, Sap customers 🔓CVEs: CVE-2025-31324 \[[Vulners](https://t.co/NbtjwfWs3M)] -
@rst_cloud
30 Jun 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
30 Jun 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
29 Jun 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
28 Jun 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
28 Jun 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Tracking CVE-2025-31324: Darktrace’s detection of SAP Netweaver exploitation before and after disclosure via @Darktrace #Cybersecurity https://t.co/W7pzHb1xo3
@GothamTG
26 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In this episode of IT SPARC Cast - CVE of The Week, @john_Video and @loudoggeek break down CVE-2025-31324 — a critical remote code execution vulnerability in SAP NetWeaver’s Visual Composer. With a CVSS score of 9.8, this exploit is not just theory — it’s actively being h
@ITSPARCCast
24 Jun 2025
92 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-31324
@transilienceai
24 Jun 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Tracking CVE-2025-31324: Darktrace’s detection of SAP Netweaver exploitation before and after disclosure - Darktrace https://t.co/dQRfNCQ7qD #hacking #cybersecurity https://t.co/Ckza9RBp8Z
@cliffvazquez
23 Jun 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
23 Jun 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
22 Jun 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
21 Jun 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-31324 in SAP NetWeaver Visual Composer allows remote code execution via file upload. Chinese APTs & ransomware groups exploited it to deploy KrustyLoader & JuicyPotato, with Darktrace detecting early threats. 🚨 #SAP #CyberThreats #China https://t.co/XMXlBOji8W
@TweetThreatNews
19 Jun 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 3 Critical CVEs – Patch Now! 🔒 Linux (CVE-2025-6018/6019): Root via udisks + PAM ✅ Update all major distros 🧨 Veeam (CVE-2025-23121): RCE via domain user ✅ Patch to v12.1.2.1722 🔥 SAP (CVE-2025-31324): CVSS 10.0 zero-day ✅ Apply Apr/May 2025 SAP Notes htt
@Samuel257196756
19 Jun 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Tracking CVE-2025-31324: Darktrace’s detection of SAP Netweaver exploitation before and after disclosure https://t.co/wieOCUS9xU A critical vulnerability, CVE-2025-31324, has been disclosed in SAP’s NetWeaver Visual Composer, a widely used application server and development
@f1tym1
16 Jun 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔎 In May’s VulnTracking report, we take a deep dive into SAP NetWeaver (CVE-2025-31324). What we discovered: When public exploits were released, bad actors (such as botnets) and legitimate security scanners surged simultaneously, proving both sides depend on the same https:
@Crowd_Security
6 Jun 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Comment: Given the active exploitation, have there been analyses of the ransomware actors’ specific techniques, tactics, and procedures (TTPs) in exploiting CVE-2025-31324, and how might t... #SAPSecurity https://t.co/f62BX6pMrb
@storagetechnews
4 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
1 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
30 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
China-linked Earth Lamia exploits server vulnerabilities across Asia and Brazil, using SQL injection and custom backdoors like PULSEPA to target finance, government, and more. Stay alert. 🚨 #CVE-2025-31324 #EarthLamia #Brazil https://t.co/NKNJw25FJ5
@TweetThreatNews
30 May 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ثغرة #RCE في SAP NetWeaver CVE-2025-31324! إذا كان إصدار SAP NetWeaver 7.5X الذي تم تنشيط Visual Composer فيه يستدعي استجابة 200 OK، فاتخذ إجراءات فورية. 🔍product: sap netweaverapplicationserver 👉اطلع على
@CriminalIP_AR
30 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP NetWeaver의 #RCE 취약점 CVE-2025-31324! Visual Composer가 활성화된 SAP NetWeaver 7.5X 버전이 200 OK 응답을 호출한다면 바로 조치를 취하세요. 🔍product: sap netweaverapplication server 👉#CTI 와 #ASM 을 활용한 CVE-2025-31324 대응법 자
@CriminalIP_KR
30 May 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
30 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
29 May 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Vulnerabilidad de SAP VC (CVE-2025-31324) Una falla crítica en SAP NetWeaver Visual Composer (VC) que permite la ejecución remota de código sin autenticación más info: https://t.co/Pz6fhR9h2y #PorUnEcuadorCiberseguro @Arcotel_ec @CsirtCEDIA @CsirtEPN @CSIRT_Telconet https
@EcuCERT_EC
27 May 2025
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
27 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
On April 24, 2025, SAP disclosed CVE-2025-31324, a critical vulnerability with a CVSS score of 10.0 affecting the SAP NetWeaver's Visual Composer Framework, version 7.50.
@Operator7771337
26 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chaya_004 hackers linked to China exploit SAP flaw CVE-2025-31324, Forescout says, deploying custom Golang-based SuperShell tool. #CyberSecurity #SAPVulnerability #ChineseHackers https://t.co/9zfV7SOUaY
@CyberSecTV_eu
25 May 2025
74 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
25 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
24 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ New threat advisory: SAP zero-days CVE-2025-31324 & CVE-2025-42999 are under active exploitation. Dave DeWalt (@nightdragon) called them among the most serious SAP threats in years. Get intel, IOCs & IR guidance → https://t.co/uTbBHPIoAI #SAPSecurity #CVE2025
@onapsis
23 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A considerable update to our Threat Brief on CVE-2025-31324 includes new indicators that defenders can use for threat hunting. Take a look now: https://t.co/RXUuFf12tl https://t.co/R8wT93cmEU
@Unit42_Intel
23 May 2025
2766 Impressions
9 Retweets
29 Likes
5 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
22 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
We link specific malware samples to the exploitation of CVE-2025-31324 in SAP NetWeaver and also identify associated network infrastructure, including C2 servers. Read our findings: https://t.co/RXUuFf12tl https://t.co/x2XHOo0QaD
@Unit42_Intel
22 May 2025
2581 Impressions
5 Retweets
37 Likes
4 Bookmarks
0 Replies
0 Quotes
【重要セキュリティ情報:CVE-2025-31324 NetWeaver Visual Composerの脆弱性】 緊急警報じゃ!SAP NetWeaverにCVSSスコア10.0の激ヤバ脆弱性が見つかったぞい!即刻対応が必要じゃ! 2025年4月のSAPセキュリティパッチデーで
@saplabo_hakase
22 May 2025
198 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness CVE-2025-31324: Simple Exploit, Serious Impact | 21-05-2025 Source: https://t.co/r1EufLl0Rb Key details below ↓ 💀Threats: Qilin_ransomware, Tsunami_botnet, Cobalt_strike, 🎯Victims: Major global enterprise 🌐Geo: Indonesia, China 🔓CV
@rst_cloud
22 May 2025
125 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#CyberAlerte | Vulnérabilité touchant les serveurs de SAP NetWeaver Le Centre pour la cybersécurité est au courant de l’exploitation de la vulnérabilité CVE-2025-31324 depuis le mois de mars 2025. https://t.co/mM1URbrivL
@centrecyber_ca
21 May 2025
27 Impressions
0 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
#CyberAlert | Vulnerabilities impacting SAP NetWeaver servers The Cyber Centre is aware of reports that CVE-2025-31324 has been actively exploited since March 2025. https://t.co/J1dXYjh3pk
@cybercentre_ca
21 May 2025
329 Impressions
0 Retweets
4 Likes
1 Bookmark
1 Reply
0 Quotes
Vulnerabilities impacting SAP NetWeaver (CVE-2025-31324 and CVE-2025-42999) https://t.co/DNjFh87FE7 https://t.co/ft6XgGhEwV
@djhsecurity
21 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
21 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-31324 Alert: SAP NetWeaver targeted! This critical vulnerability may allow remote attackers to bypass authentication. Patch it NOW to avoid data compromise. #SAPSecurity 💼
@peoplepulseHR
21 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Qilin ransomware exploited SAP zero-day vulnerability CVE-2025-31324 weeks before public disclosure, highlighting the need for prompt patching and robust security measures. #CyberSecurity #SAP #QilinRansomware https://t.co/iK8wpKdhSC
@dailytechonx
20 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection https://t.co/MYQQ91KTKe In a recent revelation, OP Innovate has uncovered early evidence of real-world exploitation of CVE-2025-31324 (CVSS 10), a The post SAP NetWeaver RCE: Zero-Day Allows File Upl
@f1tym1
20 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical zero-day vulnerability in SAP software, CVE-2025-31324, has been exploited by the Qilin ransomware group weeks before its public disclosure. With a CVSS score of 10.0, this vulnerability allows unauthenticated file uploads to servers, highlighting an alarming trend ...
@CybrPulse
20 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0"
}
],
"operator": "OR"
}
]
}
]