CVE-2025-31324
Published Apr 24, 2025
Last updated 3 months ago
AI description
CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.
- Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
- Source: cna@sap.com
- NVD status: Analyzed
- Products: netweaver
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: SAP NetWeaver Unrestricted File Upload Vulnerability
- Exploit added on: Apr 29, 2025
- Exploit action due: May 20, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cna@sap.com: CWE-434
- Hype score: Not currently trending
Collaboration is what determines if a zero-day is catastrophic or contained. 🔒 In one week, we’ll provide a behind-the-scenes look at our coordinated response around CVE-2025-31324 with SAP. 🗓️ Feb 5 | 10am EST 🔗 https://t.co/fWuomTiElC https://t.co/29byyfc5JR
@onapsis
29 Jan 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as CVE-2025-31324, indicating that multiple threat actors are taking... https://t.co/1xiJQFWpPD
@pedri77
27 Jan 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We reviewed the specific vulnerabilities that shaped attacker behavior in 2025: 1️⃣React2Shell (CVE-2025-55182) 2️⃣SAP NetWeaver (CVE-2025-31324) 3️⃣PAN-OS Auth Bypass (CVE-2025-0108) 4️⃣Cisco IOS XE (CVE-2025-20188) 5️⃣Erlang/OTP SSH (CVE-2025-32433) Full b
@pdiscoveryio
10 Jan 2026
3532 Impressions
12 Retweets
69 Likes
34 Bookmarks
1 Reply
0 Quotes
Our CEO Mariano Nunez shares our top highlights, including: 🤝 Partnerships with @CrowdStrike & @Microsoft Sentinel 🏆 Making Inc.'s Best in Business for our CVE-2025-31324 work Get the full breakdown here: https://t.co/jZzoBhtvax https://t.co/vTi3ROVu7d
@onapsis
8 Jan 2026
68 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The Top 5 Vulnerabilities That Defined 2025: 1️⃣ React2Shell (CVE-2025-55182): Direct RCE in a widely used framework. 2️⃣ SAP NetWeaver (CVE-2025-31324): Critical exposure in enterprise ERP systems. 3️⃣ PAN-OS Auth Bypass (CVE-2025-0108): Bypassing the gatekeepers of
@HunterStrategy
7 Jan 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-31324 — MICROSOFT-CORP-MSN-AS-BLOCK Visit -- https://t.co/pGKc4fy03e #Loginsoft #Cytellite #Cybersecurity #CVE202531324 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/lHPQcFvycM
@Loginsoft_Intel
4 Jan 2026
97 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
Cytellite recent detection targeting CVE-2025-31324 — MICROSOFT-CORP-MSN-AS-BLOCK Visit -- https://t.co/oRfriDMxuw #Loginsoft #Cytellite #Cybersecurity #CVE202531324 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/22cQ6Kh5gW
@Loginsoft_Intel
25 Dec 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-31324 — MICROSOFT-CORP-MSN-AS-BLOCK Visit -- https://t.co/6rgNiK2jPT #Loginsoft #Cytellite #Cybersecurity #CVE202531324 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/dWoQuBMmbs
@Loginsoft_Intel
24 Dec 2025
49 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
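How attacks go in web security: 1 Somehow shoot a script file or the like onto the other party's server! This year that means CVE-2025-31324 2 Remote: get hold of the rental server's password and say hello!! 今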
@bakeneko9x76
12 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor exploiting SAP Netweaver CVE-2025-31324 (arbitrary file upload vulnerability) from AS 16509 ( AMAZON-02 ) 🇺🇸 VirusTotal Detections 0/95 🟢 Direct link to event 👇 https://t.co/R2krK2YKR3
@DefusedCyber
24 Nov 2025
2779 Impressions
10 Retweets
31 Likes
12 Bookmarks
1 Reply
1 Quote
SAP NetWeaver unauthenticated file upload/RCE. APTs exploited this flaw in major infra ops [CVE-2025-31324] - CyberDudeBivash PostMortem Report Read the full report on - https://t.co/h8ZPf0eqyJ https://t.co/r9JUj60IYv
@cyberbivash
2 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-Nexus APTs Exploit SAP Flaw to Target Critical Infrastructure By Arda Büyükkaya Chinese nation-state actors are actively exploiting a newly disclosed SAP NetWeaver vulnerability (CVE-2025-31324) to infiltrate high-value critical infrastructure networks—and they’re u
@AwsSecDigest
29 Oct 2025
206 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
⚠️ Active exploits target SAP NetWeaver flaws CVE-2025-31324 & CVE-2025-42999. Attackers upload web shells & abuse deserialization for RCE. Patch via SAP Notes 3594142 & 3604119, restrict /metadatauploader, and remove vulnerable components ASAP
@bountyayush
21 Oct 2025
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The New SAP Backdoor: Inside the Global Campaign Using CVE-2025-31324 for Unauthenticated RCE Read the full report on - https://t.co/b6DNRkY5rf https://t.co/XPY8pdAhVP
@cyberbivash
4 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP Zero Day Vulnerability CVE-2025-31324 / Security Note 3594142 https://t.co/KS56hueeJb https://t.co/VFeOuwzCLd
@LayerSeven
3 Oct 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IMMEDIATE PATCH! A critical SAP NetWeaver Zero-Day (CVE-2025-31324) is under APT ATTACK for Remote Code Execution (RCE). Your most sensitive enterprise data is at risk of nation-state espionage. Read the full report on - https://t.co/sFw9CFK6my https://t.co/3gwRWO0cc5
@cyberbivash
29 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP ESPIONAGE CRISIS! China-Linked APTs are exploiting the NetWeaver RCE (CVE-2025-31324) to compromise 581+ Global Systems. Attackers are stealing core business secrets and intellectual property. Read the full report on - https://t.co/yi0WpkyMsO https://t.co/OpKoSgSoOb
@cyberbivash
29 Sept 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL SAP ALERT! Exploitation of SAP NetWeaver is confirmed via two major flaws: CVE-2025-31324 and CVE-2025-42999. If you run SAP, your core business processes are at risk. Full Report on - https://t.co/3nuikOQQQz https://t.co/HY8CiJ0vKE
@cyberbivash
28 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP NetWeaver RCE (CVE-2025-31324, CVE-2025-42999) Critical flaws allow unauthenticated RCE & system takeover. Patched April/May 2025. Exploited since Feb 10 (Onapsis). 🛡️ Action: Patch now, monitor, restrict access. #SAP #Cybersecurity @avleonovcom https://t.co/I9AFa
@CyberWolfGuard
24 Sept 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploitation of CVE-2025-31324 (Unauthenticated upload in SAP NetWeaver) From 49.90.35.72 🇨🇳( Chinanet ) VT Detections: 0/95 🟢 https://t.co/1I4V2VBUQ4
@DefusedCyber
24 Sept 2025
780 Impressions
2 Retweets
7 Likes
1 Bookmark
1 Reply
1 Quote
SAP NETWEAVER BREACH — 581 SYSTEMS BACKDOORED China-nexus APTs (UNC5221/5174, CL-STA-0048) weaponize CVE-2025-31324 for long-term espionage targeting critical infrastructure. CORTEX Intel: https://t.co/lSSHALDmgM https://t.co/aXu1eyjLim
@the_c_protocol
22 Sept 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
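[Last week's blog roundup 📚] 🆕 What is Auto-Color? The latest threat targeting CVE-2025-31324. We explain the vulnerability, which easily affects small and medium-sized businesses too, and the key points of countermeasures! 🔗 https://t.co/TiqAoQ6FH6 🍂 Getting ready with an autumn security checklist 中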
@synplanning
18 Sept 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👾 CVE-2025-31324 & CVE-2025-42999: SAP NetWeaver Visual Composer RCEs exploited in the wild; public exploits available. Patches released, but thousands of orgs may remain vulnerable. #SAP #NetWeaver #Onapsis ➡️ https://t.co/LJNuwvVSDC https://t.co/vrHq5xugQP
@leonov_av
17 Sept 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-7344 2 - CVE-2025-31324 3 - CVE-2024-44241 4 - CVE-2022-46689 5 - CVE-2025-31200 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Sept 2025
183 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
#threatreport #MediumCompleteness SAP NetWeaver Metadata Uploader Vulnerability (CVE-2025-31324) | 10-09-2025 Source: https://t.co/6vm504rxkF Key details below ↓ 🧑💻Actors/Campaigns: Lapsus Shinyhunters 💀Threats: Auto-color, Havoc, 🎯Victims: Sap customers, Ente
@rst_cloud
11 Sept 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
"🚨 SAP users: CVE-2025-31324 allows remote code exec via metadatauploader. Active since March '25. Patch Sept '25 updates immediately. Monitor networks, restrict dev server access."
@Tudorel92659164
11 Sept 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor mass exploiting CVE-2025-31324 (SAP Netweaver RCE) from 45.15.140.117 ( Pq Hosting Plus S.r.l. ) 🇳🇿 VirusTotal Detections: 0/94 🟢 Payload contains an obfuscated webshell 📷 https://t.co/TOcu2tDQXI
@DefusedCyber
10 Sept 2025
3148 Impressions
9 Retweets
28 Likes
13 Bookmarks
0 Replies
1 Quote
🚨 SAP NetWeaver (CVE-2025-31324) Remains an Active Threat – Patch Now ReliaQuest is investigating an increase in JSP web shell deployment alongside exploitation of the SAP NetWeaver vulnerability (CVE-2025-31324). This activity may signal a new wave of exploitation. Our te
@ReliaQuestTR
5 Sept 2025
121 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
ERP is the new single point of failure. CVE-2025-31324 just proved it. https://t.co/ewcn4GERh5
@Amitendrathenua
5 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit for SAP vulnerability CVE-2025-31324 published – attackers are actively exploiting the flaw https://t.co/eVFfIxPJdA
@KolaricDav5471
1 Sept 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting the SAP NetWeaver zero-day CVE-2025–31324: details of a sophisticated RCE script published https://t.co/YWFp5x2dnS Targeting the zero-day vulnerability CVE-2025-31324 in NetWeaver's ICM (Internet Communication Manager) component, 攻撃ス
@iototsecnews
1 Sept 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP Threat Alert CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver Visual Composer under active exploitation. Attackers can gain SAP admin, steal data & disrupt operations.
@huseyin_yu46083
30 Aug 2025
4 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP Threat Alert CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver Visual Composer under active exploitation. Attackers can gain SAP admin, steal data & disrupt operations. 🔗 Full advisory: https://t.co/OWi56y75cJ #CyberSecurity #SAP #ThreatIntel https://t.co/goc9U
@sequretek_sqtk
29 Aug 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31324 has been a BITCH to deal with.. IYKYK
@baube19
27 Aug 2025
114 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Did you get a chance to check out this month's newsletter? Highlights include: ⚙️ Patch Day analysis ⚠️ A new active exploit for CVE-2025-31324 🧠 Zero Day panel insights 📈 2025 security trends Check it out on LinkedIn. ⬇️ https://t.co/IP2VdAX0H8 https://t.co/n
@onapsis
27 Aug 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 New Exploit Chains Two Critical SAP NetWeaver Flaws for RCE https://t.co/tSmT9FfKLD A publicly released exploit combines CVE-2025-31324 and CVE-2025-42999 to achieve remote code execution with admin privileges on unpatched NetWeaver servers. The exploit enables stealthy
@Huntio
25 Aug 2025
1303 Impressions
7 Retweets
18 Likes
4 Bookmarks
0 Replies
0 Quotes
Are you up to date on the latest SAP security threats? Our monthly newsletter covers: ⚙️ Patch Day analysis ⚠️ A new active exploit for CVE-2025-31324 🧠 Zero Day panel insights 📈 2025 security trends Get the full scoop and subscribe on LinkedIn. ⬇️ https://t.c
@onapsis
21 Aug 2025
278 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just saw that an exploit for a critical SAP vulnerability (CVE-2025-31324) was publicly released, targeting businesses worldwide. Even if you’ve patched before, now’s the time to double-check your systems, attackers move fast after exploit code goes public.
@VishnuHulikatti
21 Aug 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ Public exploit in SAP NetWeaver allows full system takeover. Onapsis warned that an exploit was released that chains two: 1. CVE-2025-31324 (missing authorization) 2. CVE-2025-42999 (insecure deserialization) in SAP NetWeaver. SAP released updates in abr
@CycuraMX
20 Aug 2025
206 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
#Exploit for critical #SAP Netweaver flaws released (#CVE-2025-31324, CVE-2025-42999) https://t.co/QFSRbWL2uX
@ScyScan
20 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) https://t.co/rwKeswLCsp #HelpNetSecurity #Cybersecurity https://t.co/FbBt1NJJmY
@PoseidonTPA
20 Aug 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. https://t.co/foCm2qJbiM #SAP #NetWeaver #exploit #auth #bypass #RCE #cve #compromised #datatheft #CyberSecurity #CybersecurityNews #threatresq
@ThreatResq
20 Aug 2025
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A severe exploit combining two critical vulnerabilities in SAP NetWeaver poses a significant risk for organizations, allowing unauthenticated attackers to seize control and execute arbitrary commands. With CVE-2025-31324 rated at a staggering 10.0 CVSS score, it's a clear and ...
@CybrPulse
20 Aug 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Public exploit chains SAP NetWeaver flaws CVE-2025-31324 & CVE-2025-42999, enabling remote code execution and bypassing authentication. Attacks active since March, involving ransomware & espionage groups. #SAPFlaws #RemoteCode #Germany https://t.co/GHlqVhiUTV
@TweetThreatNews
19 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShinyHunters release exploit for critical SAP vulnerabilities CVE-2025-31324 & CVE-2025-42999. Immediate patching required to prevent system takeover. Link: https://t.co/VH44Xs4eKV #Security #Exploit #Hacking #Threat #Patch #SAP #CVE #Cyber #Tech #Attack #Breach #Data #Softwa
@dailytechonx
19 Aug 2025
79 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP NetWeaver #Java Visual Composer Under Attack: #CVE-2025-31324 Exploit Spreads Wildly https://t.co/ccBAntawv2
@UndercodeNews
19 Aug 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A newly discovered critical vulnerability in SAP NetWeaver AS Java Visual Composer, CVE-2025-31324, is now actively exploited, posing severe risks to organizations that haven't patched. With public exploit tooling available, even less experienced attackers can execute remote c...
@CybrPulse
19 Aug 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
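The notorious hacking group ShinyHunters has released a sophisticated exploit targeting critical SAP vulnerabilities. This exploit chains zero-day vulnerabilities such as CVE-2025-31324 and, without authentication, on SAP systems コ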
@cyber_edu_jp
19 Aug 2025
79 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A newly emerged flaw poses serious security risks in SAP NetWeaver systems. This exploit, formed by combining two critical vulnerabilities (CVE-2025-31324 and CVE-2025-42999), bypasses authentication and remote code execution on systems imk
@et2mas
19 Aug 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 A new flaw combining two critical vulnerabilities in SAP NetWeaver has been exploited, exposing unpatched systems to the risk of compromise and data theft. The two vulnerabilities, CVE-2025-31324 and CVE-2025-42999, can bypass مصا
@Cybercachear
19 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]