CVE-2025-31324
Published Apr 24, 2025
Last updated 9 days ago
AI description
CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.
- Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
- Source: cna@sap.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: SAP NetWeaver Unrestricted File Upload Vulnerability
- Exploit added on: Apr 29, 2025
- Exploit action due: May 20, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cna@sap.com
- CWE-434
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
38
Ransomware on SAP NetWeaver: CVE-2025-31324 exploited for remote code execution 📌 Link to the article: https://t.co/8p79rP5cVD #redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy ht
@redhotcyber
15 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
15 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A recently disclosed critical security flaw (CVE-2025-31324) impacting the #SAP #NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. #Cybersecurity #infosec #cybercrime https://t.co/0d0wEfi7V9 https://t.co/CDjoV8NLR
@twelvesec
14 May 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Chinese hackers are using a fresh bug in SAP’s NetWeaver software (CVE-2025-31324) to slip into factories, utilities and other critical sites around the world. If your company runs SAP, install the patch or take servers offline right now. #CyberSecurity
@unitv_network
14 May 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Chinese APT groups exploit SAP NetWeaver 0-day (CVE-2025-31324) to target critical infrastructures worldwide. Organizations must patch systems and enhance security measures. #CyberSecurity #SAP #APT https://t.co/BT1HjBXk2Y
@dailytechonx
14 May 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybercriminals, including RansomEXX, BianLian, and Chinese APTs, are exploiting CVE-2025-31324 to remotely target unpatched SAP NetWeaver systems, risking global infrastructure & federal agencies. Patch now! ⚠️ #CyberThreat #SAPVuln #USA https://t.co/H7jvH1299H
@TweetThreatNews
14 May 2025
89 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🔥 Two ransomware gangs—BianLian and RansomExx—are now exploiting a critical SAP flaw (CVE-2025-31324). They’re not alone. Nation-state hackers are in the mix too. One exploit. Full system access. 🔗 Read the full breakdown: https://t.co/bnqxoQLk8s
@TheHackersNews
14 May 2025
11366 Impressions
35 Retweets
103 Likes
12 Bookmarks
0 Replies
2 Quotes
#threatreport #HighCompleteness China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures | 13-05-2025 Source: https://t.co/UEgIvOxUjn Key details below ↓ 🧑💻Actors/Campaigns: Cl-sta-0048 (🧠motivation: cyber_espionage)
@rst_cloud
14 May 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Chinese Threat Actors Exploit Critical SAP RCE Flaw (CVE-2025-31324) https://t.co/An3tNs0uvw A China-linked group, Chaya_004, is actively exploiting a critical SAP NetWeaver vulnerability (CVSS 10.0) to deploy SuperShell backdoors across industries like energy,
@Huntio
14 May 2025
447 Impressions
5 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
🇨🇳 China-linked groups exploit the SAP vulnerability CVE-2025-31324 to attack critical infrastructure on 581 systems worldwide https://t.co/zVx6JgFLwC https://t.co/tqj2hWJc5D
@elhackernet
14 May 2025
9393 Impressions
77 Retweets
173 Likes
37 Bookmarks
1 Reply
4 Quotes
Click on to be guided to linked headlines about China like: China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide Chinese Actor Hit Taiwanese Drone Makers, Supply Chains #China https://t.co/7grQOwKDgO
@00_Anth0ny
14 May 2025
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
14 May 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures | @EclecticIQ | https://t.co/EujnbYjQC3
@780thC
14 May 2025
1052 Impressions
12 Retweets
23 Likes
2 Bookmarks
0 Replies
0 Quotes
China-Linked APTs Exploit SAP CVE-2025-31324: 581 Critical Systems Breached Globally A critical vulnerability in SAP NetWeaver (CVE-2025-31324) is being actively exploited by multiple China-linked advanced persistent threat (APT) groups, according to recent analysis. The flaw, h
@PTechnology_nfo
14 May 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Click on https://t.co/HUIxAqUPw6 to be guided to linked headlines about China like: China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide Chinese Actor Hit Taiwanese Drone Makers, Supply Chains #China https://t.co/EV7IzaBsHx
@That_isChina
14 May 2025
87 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 China-Linked APTs Exploit SAP CVE-2025-31324 ➡️ 581 critical systems breached globally 🔓 Remote Code Execution (RCE) vulnerability in SAP 🎯 Targets: Finance, energy, and gov infra 📍 Still active — patch immediately! #CyberSecurity #SAP #ZeroDay #APT #CVE202531
@SecurEpitome
14 May 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#China-Linked #APTs #Exploit #SAP #CVE-2025-31324 to #Breach 581 #Critical_Systems #Worldwide https://t.co/wwsvpLIQ4p https://t.co/rzRdD0do4z
@omvapt
14 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
14 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
China-linked APTs exploit SAP's CVE-2025-31324 to breach 581 critical systems worldwide https://t.co/yjidSd2JuW #Security #セキュリティ #ニュース
@SecureShield_
14 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP fixes a second zero-day vulnerability exploited in recent attacks (CVE-2025-42999, CVE-2025-31324) https://t.co/mnS0LlmVgw #Security #セキュリティ #ニュース
@SecureShield_
14 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#China-Linked APTs Exploit #SAP #CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://t.co/vGJN36EZB8
@ScyScan
13 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP patches two critical vulnerabilities (CVE-2025-31324 & CVE-2025-42999) exploited in recent zero-day attacks to upload web shells & backdoors. Organizations must update SAP NetWeaver now. 🚨 #SAP #CyberThreats #Germany https://t.co/WkjQyqSzYK
@TweetThreatNews
13 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chinese threat actors are exploiting SAP CVE-2025-31324 to breach 581 critical systems globally, deploying web shells and malware across sectors like energy and healthcare. 🚨 Stay alert! #CyberRisk #China #CriticalSystems https://t.co/QvOE7hMVlH
@TweetThreatNews
13 May 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP May 2025 Patch Tuesday: Critical 0-day (CVE-2025-31324) fixed! 16 new Security Notes & 2 updates tackle NetWeaver vuln. Act now to protect your systems! 🔒💻 #CyberSecurity #SAPSecurity #PatchTuesday #ZeroDay #NetWeaver https://t.co/30RU074Izq
@CyberWolfGuard
13 May 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide. A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors... https://t.co/hJ570Cpiuu #InceptusSecure #UnderOurProtection
@Inceptus3
13 May 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP’s May 2025 Security Patch Day delivers 16 updates, including critical patches for NetWeaver vulnerabilities like CVE-2025-31324, actively exploited flaws in Visual Composer. Protect your systems now! ⚠️ #SAP #SecurityUpdate #Germany https://t.co/PF1ChE6jn3
@TweetThreatNews
13 May 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-Linked APTs Exploit SAP #CVE-2025-31324 to #breach 581 Critical Systems Worldwide https://t.co/olh1CfpnzI
@AdliceSoftware
13 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 China-linked groups are exploiting a critical security vulnerability in SAP NetWeaver, known as CVE-2025-31324, to target critical infrastructure systems around the world. These actors were able…
@Cybercachear
13 May 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://t.co/PPEhp288oa https://t.co/zW5mJGU54T
@TonyBeeTweets
13 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://t.co/7sr9RMCzbe
@cyberetweet
13 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://t.co/XUrM3mcGrn
@buzz_sec
13 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 581 SAP servers BREACHED. China-linked APTs are exploiting CVE-2025-31324 to backdoor critical infrastructure—gas, water, and gov sectors across the 🇺🇸 🇬🇧 🇸🇦 3 active hacking groups, persistent access. 🔗 Details here: https://t.co/g1JwIenCu3
@TheHackersNews
13 May 2025
14771 Impressions
95 Retweets
179 Likes
42 Bookmarks
2 Replies
7 Quotes
EclecticIQ analysts report that in April 2025, China-nexus APTs exploited SAP NetWeaver vulnerabilities to target critical infrastructures globally, leveraging CVE-2025-31324 for remote code execution and maintaining persistent access. #CyberSecurity #APT https://t.co/sX4uWyALog
@Cyber_O51NT
13 May 2025
1164 Impressions
10 Retweets
17 Likes
1 Bookmark
0 Replies
1 Quote
A critical zero-day vulnerability (CVE-2025-31324) in SAP's NetWeaver Visual Composer has been actively exploited, allowing unauthenticated attackers to execute remote commands and compromise systems. The flaw, with a CVSS score of 10.0, affects a significant portion of Java s...
@CybrPulse
13 May 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-31324 is a critical vulnerability in SAP NetWeaver Visual Composer 7.x, allowing remote code execution via malicious web shells. Exploited by Chinese threat actor Chaya004 since April 2025. ⚠️ #SAPVuln #China #CyberThreat https://t.co/YTlGUmuxiU
@TweetThreatNews
13 May 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-31324) in SAP NetWeaver was disclosed, allowing unauthorized file uploads and remote control over compromised systems. With a CVSS score of 10.0, this flaw impacts multiple customers, leading to potential data breaches and exploitation throug...
@CybrPulse
12 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
💥 Chinese hackers exploit SAP NetWeaver flaw for RCE Threat actor Chaya_004 is exploiting CVE-2025-31324 to deploy shells & malware on unpatched SAP NetWeaver servers. Over 1,200 systems at risk. Patch ASAP. https://t.co/LVNjJJykXh #SAP #CyberAttack #Infosec #CISA https
@dCypherIO
12 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers at #Forescout have linked a campaign exploiting a vulnerability in #SAPNetWeaver instances to a new Chinese hacker group. Designated CVE-2025-31324, it has a critical severity score (CVSS 10) 🤔 https://t.co/zkxl
@RLDI_Lamy
12 May 2025
135 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers are actively exploiting the SAP NetWeaver server vulnerability. SAP has published the unauthenticated file upload vulnerability identified as CVE-2025-31324, which in SAP NetWeaver Visual Composer, and within it…
@linuxmint_hun
12 May 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New critical SAP NetWeaver RCE vulnerability (CVE-2025-31324) Unauthenticated attackers can upload malicious files via /developmentserver/metadatauploader, leading to full system compromise. Exploited in the wild with web shells & reverse proxies. CVSS 10.0 – patch
@CareWeDoNot
12 May 2025
66 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Unit 42 incident response and telemetry data reveal that attackers exploiting CVE-2025-31324 are deploying specific web shells and tools. This analysis details the reconnaissance commands used and the post-exploitation activities observed: https://t.co/o7pDrG6eJg
@JimBeasleyCA
12 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
12 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat Brief: CVE-2025-31324 https://t.co/oDFu8bBEgX
@NiallWilk
12 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(🧵Thread) Active exploitation of SAP NetWeaver Zero-Day CVE-2025-31324 surges ⬆️ At the end of April, the CrowdSec Network detected a wave of exploitation attempts targeting a critical zero-day vulnerability (CVSS 10.0) in SAP NetWeaver's Visual Composer component. This f
@Crowd_Security
12 May 2025
277 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Chinese hackers involved in attacks targeting SAP NetWeaver servers: CVE-2025-31324 🚓 US and Dutch authorities dismantle a proxy botnet made up of 7,000 IoT and EOL devices ~Weekend cybersecurity topics~ https://t.co/CDd0guWFkv #
@MachinaRecord
12 May 2025
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #HighCompleteness Threat Brief: CVE-2025-31324 | 10-05-2025 Source: https://t.co/WwToeq2cfz Key details below ↓ 💀Threats: Goreverse, Supershell, Netstat_tool, Nltest_tool, Garble_tool, 🎯Victims: Sap netweaver users, Business analysts, Sap deployments 🌐
@rst_cloud
11 May 2025
117 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeave https://t.co/WERITU4RJi
@wikinger7
11 May 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ SAP vulnerability under attack since January: hundreds of companies have already been compromised. If you use SAP NetWeaver, watch out for this. Real, confirmed attacks have occurred in large numbers since January 2025. ⚠️ The problem is a critical vulnerability: CVE-2025-313
@CycuraMX
11 May 2025
1033 Impressions
11 Retweets
25 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨 A critical RCE flaw, CVE-2025-31324, is being exploited in SAP NetWeaver by Chaya_004. Unauthenticated attackers can gain control through malicious uploads. #SAP #CyberSecurity #CVE202531324 https://t.co/unbfmhEfxd
@ivanilves
11 May 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
11 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]