CVE-2025-31324

Published Apr 24, 2025

Last updated 2 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.

Description
SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
Source
cna@sap.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
SAP NetWeaver Unrestricted File Upload Vulnerability
Exploit added on
Apr 29, 2025
Exploit action due
May 20, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cna@sap.com
CWE-434

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

3

  1. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    8 May 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. 🚨 Second wave of attacks hits SAP NetWeaver CVE-2025-31324 flaw Despite April patch, attackers are leveraging planted webshells for full system takeover. CVSS 10, zero-day exploited with Brute Ratel & Heaven’s Gate tools. https://t.co/EYbANM9bjV #SAP #ZeroDay #CyberSe

    @dCypherIO

    7 May 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    7 May 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Guidance for handling CVE-2025-31324 using Microsoft Security capabilities from Shahar Bahat https://t.co/0d1W5K1hIs

    @AzureWeekly

    7 May 2025

    554 Impressions

    3 Retweets

    5 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  5. Following the zero-day vulnerability, a second wave of attacks against SAP NetWeaver is underway (CVE-2025-31324) https://t.co/AL33PGLN7O #Security #セキュリティ #ニュース

    @SecureShield_

    7 May 2025

    67 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🔓 Major breach alert: Hackers exploited a zero-day flaw (CVE-2025-31324) in SAP NetWeaver, deploying webshells to infiltrate systems. A second wave of attacks is now underway, targeting previously compromised servers. Immediate patching and thorough system audits are critical.

    @unitv_network

    6 May 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. A critical vulnerability (CVE-2025-31324) in SAP systems has been discovered, rated 10/10 in severity due to its potential exploitation by attackers. With reports of over 1,200 instances exposed, companies using the NetWeaver Visual Composer need to act quickly to safeguard th...

    @CybrPulse

    6 May 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. "Don't let your business be caught in the second wave of CVE-2025-31324 attacks! https://t.co/DAJgWHU8z7 #TechNews #Malware #CyberSecurity

    @EnRouteIT

    6 May 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    6 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    5 May 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    5 May 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    4 May 2025

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    4 May 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    4 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Hey, did you hear about that SAP NetWeaver flaw (CVE-2025-31324)?! Attackers can just waltz in WITHOUT a password! Update ASAP or risk total system takeover! #cybersecurity https://t.co/nQwWfz3Tdj

    @fin_tech_news_

    3 May 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    3 May 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    3 May 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. A critical zero-day vulnerability (CVE-2025-31324) has been discovered in SAP NetWeaver Java that allows remote execution with full control of the system. https://t.co/j1sG0ZxT3d

    @esconsulting__

    2 May 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🆕 SAP Zero-Day IoC Scanner available from Mandiant + Onapsis 🔎 This tool aims to help organizations identify IoCs associated with exploitation of a recently patched vulnerability in SAP NetWeaver Application Server Java: CVE-2025-31324. Learn more: https://t.co/cD4lupxOnC

    @onapsis

    2 May 2025

    126 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    2 May 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. SAP NetWeaver zero-day vulnerability (CVE-2025-31324) exploited; CISA adds it to the KEV database #セキュリティ対策Lab #セキュリティ #Security https://t.co/x9c8AvNZVd

    @securityLab_jp

    2 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Over 1,200 SAP NetWeaver Servers Vulnerable to Actively Exploited Flaw (#CVE-2025-31324) https://t.co/BgUBr5A147 Educational Purposes!

    @UndercodeUpdate

    2 May 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    2 May 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    1 May 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. #threatreport #LowCompleteness SAP NetWeaver CVE-2025-31324 Exploitation | 30-04-2025 Source: https://t.co/r5wCE4gcmn Key details below ↓ 🧑‍💻Actors/Campaigns: Thewizards 💀Threats: Xmrig_miner, Slaac_spoofing_technique, Aitm_technique, Wizardnet, Spellbinder, Rozena

    @rst_cloud

    1 May 2025

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨 New SAP Zero-Day – CVE-2025-31324 (CVSS 9.9) Critical unauthenticated access flaw in SAP NetWeaver AS Java SAP environments just got hit with a major vulnerability — CVE-2025-31324 — a missing authentication check in the UDDI

    @Cyb3rTldr

    1 May 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    1 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Failed to exploit SAP Visual Composer CVE-2025-31324 vulnerability! Why? Response: https://t.co/Do2sLMGS6x

    @realxs711

    1 May 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild https://t.co/vXLtDmlH6M https://t.co/EmR2V4e4aZ

    @NickBla41002745

    1 May 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Over 1,200 SAP NetWeaver servers are vulnerable to an actively exploited unauthenticated file upload flaw (CVE-2025-31324). I've crafted a KQL query to help detect public-facing instances—time to audit and secure! https://t.co/9IIa5IX7Uu KQL Code: https://t.co/wMiGLdm7t5 https

    @0x534c

    1 May 2025

    2043 Impressions

    8 Retweets

    44 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  31. A critical vulnerability in SAP NetWeaver Visual Composer is wreaking havoc, with over 7,500 servers potentially at risk and confirmed compromises across multiple organizations. This flaw, CVE-2025-31324, allows unauthenticated access, making it a goldmine for attackers who ha...

    @CybrPulse

    1 May 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. 🚨 CVE-2025-31324 Critical RCE in SAP NetWeaver Visual Composer—unauthenticated file upload vulnerability under active exploitation. CVSS 10.0. 🛠️ Patch now: SAP Note #3594142 🔍 Details + live CVE view: 👉 https://t.co/jL0ivAAa95 https://t.co/Fv3OORWFtY

    @rapidriskradar

    30 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. #cybersecurity Critical #SAP #ZeroDay Vulnerability Under Active Exploitation (CVE-2025-31324) https://t.co/Xppc6Pwhhh

    @jos1727

    30 Apr 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Guidance for handling CVE-2025-31324 using Microsoft Security capabilities https://t.co/SuGS1z2lHq #Microsoft #techcommunity

    @MSITTechNews

    30 Apr 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. ⚠️ Over 400 SAP NetWeaver Servers Exposed to Actively Exploited RCE Vulnerability (CVE-2025-31324) A critical zero-day flaw in SAP’s NetWeaver platform—now tracked as CVE-2025-31324—is under active exploitation, putting over 400 servers at risk worldwide. This RCE htt

    @efani

    30 Apr 2025

    279 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    30 Apr 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. US CISA has added a vulnerability with confirmed exploitation to its #KEV catalog. 🛡️No.1327 CVE-2025-31324 SAP NetWeaver Unrestricted File Upload Vulnerability ============= CVSS score: 10.0 (Base) / SAP SE CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    @piyokango

    30 Apr 2025

    3807 Impressions

    4 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  38. Exploitation of CVE-2025-31324 has been ongoing throughout April 2025, with threat actors leveraging tools such as Brute Ratel and Heaven's Gate for code execution and evasion after initial access. Learn more in our latest #security bulletin. https://t.co/ALsOC5cp3J

    @ervik

    30 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Active Exploitation of SAP Zero-Day Vulnerability (CVE-2025-31324, SAP Security Note 3594142) #ζαγαρια https://t.co/eLCQT9ZeIB

    @PaNAS_010170

    30 Apr 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. #CVE-2025-31324 Attention, The SAP Visual Composer CVE-2025-31324 vulnerability is being exploited crazily. 887 targets were extracted from the data mapped by ZoomEye, of which 45 targets were confirmed to have backdoor webshells and had been hacked. https://t.co/5T0fWEnIsj

    @_r00tuser

    30 Apr 2025

    1231 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  41. A critical zero-day vulnerability (CVE-2025-31324) in SAP's NetWeaver Visual Composer allows unauthenticated attackers to upload malicious files, posing a severe threat to enterprise systems, especially in manufacturing. Active exploitations have been noted since March 27, 202...

    @CybrPulse

    30 Apr 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  42. A zero-day vulnerability in SAP NetWeaver (CVE-2025-31324) is being actively exploited, granting attackers the ability to exert full control over critical business processes. With over 10,000 potentially at-risk applications and a perfect CVSS score, organizations must priorit...

    @CybrPulse

    30 Apr 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. Actively exploited CVE : CVE-2025-31324

    @transilienceai

    29 Apr 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  44. 🚨 +1,200 SAP NetWeaver servers exposed to a serious vulnerability (CVE-2025-31324). Active attacks detected. 📌 Update now or restrict access to /developmentserver/metadatauploader. Protect your environment! #SAP #Ciberseguridad #SISAPNews https://t.co/5wuPE4d036

    @SISAP_LATAM

    29 Apr 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) #HelpNetSecurity (Apr 28) https://t.co/ZHxBEC7rIA

    @foxbook

    29 Apr 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 🛡️ We added SAP NetWeaver unrestricted file upload vulnerability, CVE-2025-31324 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/0t3o1wMvRq

    @CISACyber

    29 Apr 2025

    8043 Impressions

    19 Retweets

    45 Likes

    4 Bookmarks

    13 Replies

    3 Quotes

  47. SAP Zero Day Vulnerability CVE-2025-31324 / Security Note 3594142 - Layer Seven Security https://t.co/KS56hueeJb https://t.co/vKRNYLNXQL

    @LayerSeven

    29 Apr 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild https://t.co/ZsoTde27hk https://t.co/woq5nPYnrJ

    @ggrubamn

    29 Apr 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🛡️ Over 400 SAP Servers Exposed to Attacks CVE-2025-31324 (CVSS 10) lets attackers upload malicious files via Visual Composer. 427 SAP NetWeaver instances are exposed globally. Exploited in the wild. Patch now via SAP Note 3594142. https://t.co/cG4kPOZjm2 #SAP #CyberSecur

    @dCypherIO

    29 Apr 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 🛡️ Over 400 SAP Servers Exposed to Attacks CVE-2025-31324 (CVSS 10) lets attackers upload malicious files via Visual Composer. 427 SAP NetWeaver instances are exposed globally. Exploited in the wild. Patch now via SAP Note 3594142. https://t.co/cG4kPOZjm2 #SAP #CyberSecur

    @dCypherIO

    29 Apr 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations