CVE-2025-31324
Published Apr 24, 2025
Last updated 4 months ago
AI description
CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.
- Description
- SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
- Source
- cna@sap.com
- NVD status
- Analyzed
- Products
- netweaver
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- SAP NetWeaver Unrestricted File Upload Vulnerability
- Exploit added on
- Apr 29, 2025
- Exploit action due
- May 20, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cna@sap.com
- CWE-434
- Hype score
- Not currently trending
【先週のブログまとめ📚】 🆕 Auto-Colorとは?CVE-2025-31324を狙う最新の脅威 中小企業でも狙われやすい脆弱性と対策のポイントを解説! 🔗 https://t.co/TiqAoQ6FH6 🍂 秋のセキュリティチェックリストで備える中
@synplanning
18 Sept 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👾 CVE-2025-31324 & CVE-2025-42999: SAP NetWeaver Visual Composer RCEs exploited in the wild; public exploits available. Patches released, but thousands of orgs may remain vulnerable. #SAP #NetWeaver #Onapsis ➡️ https://t.co/LJNuwvVSDC https://t.co/vrHq5xugQP
@leonov_av
17 Sept 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-7344 2 - CVE-2025-31324 3 - CVE-2024-44241 4 - CVE-2022-46689 5 - CVE-2025-31200 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Sept 2025
183 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
#threatreport #MediumCompleteness SAP NetWeaver Metadata Uploader Vulnerability (CVE-2025-31324) | 10-09-2025 Source: https://t.co/6vm504rxkF Key details below ↓ 🧑💻Actors/Campaigns: Lapsus Shinyhunters 💀Threats: Auto-color, Havoc, 🎯Victims: Sap customers, Ente
@rst_cloud
11 Sept 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
"🚨 SAP users: CVE-2025-31324 allows remote code exec via metadatauploader. Active since March '25. Patch Sept '25 updates immediately. Monitor networks, restrict dev server access."
@Tudorel92659164
11 Sept 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor mass exploiting CVE-2025-31324 (SAP Netweaver RCE) from 45.15.140.117 ( Pq Hosting Plus S.r.l. ) 🇳🇿 VirusTotal Detections: 0/94 🟢 Payload contains an obfuscated webshell 📷 https://t.co/TOcu2tDQXI
@DefusedCyber
10 Sept 2025
3148 Impressions
9 Retweets
28 Likes
13 Bookmarks
0 Replies
1 Quote
🚨 SAP NetWeaver (CVE-2025-31324) Remains an Active Threat – Patch Now ReliaQuest is investigating an increase in JSP web shell deployment alongside exploitation of the SAP NetWeaver vulnerability (CVE-2025-31324). This activity may signal a new wave of exploitation. Our te
@ReliaQuestTR
5 Sept 2025
121 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
ERP is the new single point of failure. CVE-2025-31324 just proved it. https://t.co/ewcn4GERh5
@Amitendrathenua
5 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit für SAP-Sicherheitslücke CVE-2025-31324 veröffentlicht – Angreifer nutzen Schwachstelle aktiv aus https://t.co/eVFfIxPJdA
@KolaricDav5471
1 Sept 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP NetWeaver のゼロデイ CVE-2025–31324 を悪用:高度な RCE スクリプトの詳細が公開 https://t.co/YWFp5x2dnS NetWeaver の ICM (Internet Communication Manager) コンポーネントに存在する、ゼロデイ脆弱性 CVE-2025-31324 を狙う、攻撃ス
@iototsecnews
1 Sept 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP Threat Alert CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver Visual Composer under active exploitation. Attackers can gain SAP admin, steal data & disrupt operations.
@huseyin_yu46083
30 Aug 2025
4 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP Threat Alert CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver Visual Composer under active exploitation. Attackers can gain SAP admin, steal data & disrupt operations. 🔗 Full advisory: https://t.co/OWi56y75cJ #CyberSecurity #SAP #ThreatIntel https://t.co/goc9U
@sequretek_sqtk
29 Aug 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31324 has been a BITCH to deal with.. IYKYK
@baube19
27 Aug 2025
114 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Did you get a chance to check out this month's newsletter? Highlights include: ⚙️ Patch Day analysis ⚠️ A new active exploit for CVE-2025-31324 🧠 Zero Day panel insights 📈 2025 security trends Check it out on LinkedIn. ⬇️ https://t.co/IP2VdAX0H8 https://t.co/n
@onapsis
27 Aug 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 New Exploit Chains Two Critical SAP NetWeaver Flaws for RCE https://t.co/tSmT9FfKLD A publicly released exploit combines CVE-2025-31324 and CVE-2025-42999 to achieve remote code execution with admin privileges on unpatched NetWeaver servers. The exploit enables stealthy
@Huntio
25 Aug 2025
1303 Impressions
7 Retweets
18 Likes
4 Bookmarks
0 Replies
0 Quotes
Are you up to date on the latest SAP security threats? Our monthly newsletter covers: ⚙️ Patch Day analysis ⚠️ A new active exploit for CVE-2025-31324 🧠 Zero Day panel insights 📈 2025 security trends Get the full scoop and subscribe on LinkedIn. ⬇️ https://t.c
@onapsis
21 Aug 2025
278 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just saw that an exploit for a critical SAP vulnerability (CVE-2025-31324) was publicly released, targeting businesses worldwide. Even if you’ve patched before, now’s the time to double-check your systems, attackers move fast after exploit code goes public.
@VishnuHulikatti
21 Aug 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ Exploit público en SAP NetWeaver permite toma total del sistema Onapsis advirtió que se liberó un exploit que encadena dos: 1. CVE-2025-31324 (falta de autorización) 2. CVE-2025-42999 (deserialización insegura) en SAP NetWeaver. SAP lanzó actualizaciones en abr
@CycuraMX
20 Aug 2025
206 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
#Exploit for critical #SAP Netweaver flaws released (#CVE-2025-31324, CVE-2025-42999) https://t.co/QFSRbWL2uX
@ScyScan
20 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) https://t.co/rwKeswLCsp #HelpNetSecurity #Cybersecurity https://t.co/FbBt1NJJmY
@PoseidonTPA
20 Aug 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. https://t.co/foCm2qJbiM #SAP #NetWeaver #exploit #auth #bypass #RCE #cve #compromised #datatheft #CyberSecurity #CybersecurityNews #threatresq
@ThreatResq
20 Aug 2025
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A severe exploit combining two critical vulnerabilities in SAP NetWeaver poses a significant risk for organizations, allowing unauthenticated attackers to seize control and execute arbitrary commands. With CVE-2025-31324 rated at a staggering 10.0 CVSS score, it's a clear and ...
@CybrPulse
20 Aug 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Public exploit chains SAP NetWeaver flaws CVE-2025-31324 & CVE-2025-42999, enabling remote code execution and bypassing authentication. Attacks active since March, involving ransomware & espionage groups. #SAPFlaws #RemoteCode #Germany https://t.co/GHlqVhiUTV
@TweetThreatNews
19 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShinyHunters release exploit for critical SAP vulnerabilities CVE-2025-31324 & CVE-2025-42999. Immediate patching required to prevent system takeover. Link: https://t.co/VH44Xs4eKV #Security #Exploit #Hacking #Threat #Patch #SAP #CVE #Cyber #Tech #Attack #Breach #Data #Softwa
@dailytechonx
19 Aug 2025
79 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP NetWeaver #Java Visual Composer Under Attack: #CVE-2025-31324 Exploit Spreads Wildly https://t.co/ccBAntawv2
@UndercodeNews
19 Aug 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A newly discovered critical vulnerability in SAP NetWeaver AS Java Visual Composer, CVE-2025-31324, is now actively exploited, posing severe risks to organizations that haven't patched. With public exploit tooling available, even less experienced attackers can execute remote c...
@CybrPulse
19 Aug 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
悪名高いハッキンググループShinyHuntersが、SAPの重大な脆弱性を狙った高度なエクスプロイトを公開しました。このエクスプロイトは、CVE-2025-31324などのゼロデイ脆弱性を連鎖させ、認証なしでSAPシステムにコ
@cyber_edu_jp
19 Aug 2025
79 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Yeni ortaya çıkan bir açık, SAP NetWeaver sistemlerinde ciddi güvenlik riskleri oluşturuyor. İki kritik güvenlik açığının (CVE-2025-31324 ve CVE-2025-42999) birleşimiyle oluşan bu istismar, kimlik doğrulamasını atlayarak sistemlere uzaktan kod çalıştırma imk
@et2mas
19 Aug 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 استغل عيب جديد يجمع بين ثغرتين حرجة في SAP NetWeaver، مما يعرض الأنظمة غير المرقعة لخطر الاختراق وسرقة البيانات. الثغرتان CVE-2025-31324 وCVE-2025-42999 يمكنهما تجاوز مصا
@Cybercachear
19 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new exploit chain targets SAP NetWeaver vulnerabilities CVE-2025-31324 & CVE-2025-42999, enabling remote code execution. Ransomware gangs and Chinese APTs exploited these flaws. #SAPExploits #RemoteCodeExec #ChinaAPT https://t.co/Glxb47TqDs
@TweetThreatNews
19 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical SAP NetWeaver flaw (CVE-2025-31324) is now fully weaponized, with public exploit code available and active attacks in the wild. Thanks to expert insights from @pathlock & @deepwatch_sec 🔗 Read more: https://t.co/22h22BKspS ✍ Kirsten Doyle #Vulnerability #I
@Info_Sec_Buzz
19 Aug 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new, weaponized exploit for critical #SAP #vulnerabilities CVE-2025-31324 and CVE-2025-42999 is now public. If your systems are unpatched, they're at high risk. Act now: apply SAP security notes 3594142 and 3604119. Get the full story ➡️ https://t.co/w7XaUKhutP #cybersecu
@onapsis
18 Aug 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Critical SAP Vulnerability: CVE-2025-31324 Now Exploitable at Scale SAP security expert Jonathan Stross details a critical vulnerability in SAP NetWeaver Visual Composer that is actively exploited using publicly available tools. Read our full analysis: https://t.co/SHEqJt696C h
@pathlock
18 Aug 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Neuer Exploit für kritische SAP-Sicherheitslücke CVE-2025-31324 veröffentlicht https://t.co/h0RiulAeHp
@KolaricDav5471
18 Aug 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2010-5139 2 - CVE-2025-53783 3 - CVE-2025-26633 4 - CVE-2025-31324 5 - CVE-2025-52970 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 Aug 2025
143 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Analysis reveals a SAP NetWeaver exploit targeting CVE-2025-31324 that automates JSP web shell uploads via metadata uploader with Base64 obfuscation, enabling remote code execution. #SAPSecurity #RemoteCodeExec #Germany https://t.co/CeMgu0d3E1
@TweetThreatNews
17 Aug 2025
124 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-31324: SAP NetWeaver Visual Composer PoC from Scattered Lapsus$ Hunters dropped. GitHub: https://t.co/4vvUzxlFYm https://t.co/iSKY2EdHvp
@DarkWebInformer
15 Aug 2025
10181 Impressions
17 Retweets
71 Likes
33 Bookmarks
1 Reply
1 Quote
Scattered Lapsus$ Hunters (UNC3944) are advertising a new exploit for SAP Netweaver, which despite being marketed as an 0day is actually an exploit for CVE-2025-31324. This logic has been added to our free tier SAP Netweaver decoy/honeypot template! Go get that payload 🍯 h
@DefusedCyber
15 Aug 2025
1110 Impressions
3 Retweets
19 Likes
0 Bookmarks
1 Reply
0 Quotes
ShinyHunters have released their exploit tool for SAP NetWeaver Visual Composer (CVE-2025-31324). While analysing the Base64-encoded Java payload, I spotted an unusual marker string: "Pwner274576528033300" https://t.co/MiW2UoXuqc
@WhichbufferArda
15 Aug 2025
7923 Impressions
25 Retweets
79 Likes
37 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2017-5689 2 - CVE-2025-31324 3 - CVE-2025-8088 4 - CVE-2025-4609 5 - CVE-2024-50264 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Aug 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Darktrace stopped an Auto-Color backdoor attack on a US chemical firm exploiting CVE-2025-31324 in SAP NetWeaver to deliver a Linux ELF RAT using https://t.co/LcYcq7BF3s.preload persistence and stealthy C2 suppression. #AutoColor #SAPNetWeaver #USA https://t.co/YdB13PpM9G
@TweetThreatNews
9 Aug 2025
2452 Impressions
20 Retweets
42 Likes
13 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
5 Aug 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
4 Aug 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware Hackers are exploiting CVE-2025-31324, a critical SAP NetWeaver flaw, to deploy the advanced Auto-Color Linux malware, first seen in attacks on a U.S.-based chemicals firm. Discovered by Darktrace in April http
@dCypherIO
30 Jul 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025年4月、米国の化学企業が3日間にわたるサイバー攻撃を受け、SAP NetWeaverの新たに公開された脆弱性(CVE-2025-31324)を悪用して侵入され、Linux向けマルウェア「Auto-Color」が展開された。
@yousukezan
30 Jul 2025
613 Impressions
2 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
2025年4月、米国の化学企業を標的とした攻撃で、脅威アクターがSAP NetWeaverの深刻な脆弱性(CVE-2025-31324)を悪用し、Auto-Colorバックドアを展開していたことがDarktraceにより報告された。
@yousukezan
30 Jul 2025
721 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
برمجية Auto-Color الخبيثة تستغل ثغرة CVE-2025-31324 في SAP NetWeaver لزرع أبواب خلفية في أنظمة Linux. - الاستغلال لا يتطلب مصادقة - تقنية تثبيت متقدمة باستخدام preload - يتصل بخوا
@cyberscastx
30 Jul 2025
1704 Impressions
2 Retweets
14 Likes
8 Bookmarks
1 Reply
0 Quotes
Cyber attackers exploited a patched SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color malware, gaining remote access and evading detection across North America and Asia. #SAPVulnerability #AutoColor #USA https://t.co/lBQiKq7YHP
@TweetThreatNews
30 Jul 2025
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploited the critical SAP NetWeaver vulnerability CVE-2025-31324 to deploy Auto-Color malware in an attack on a U.S. chemicals company, first detected by Darktrace on April 25, 2025. https://t.co/ALVZIHWHfB
@securityRSS
30 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
해커, SAP NetWeaver 버그를 악용해 Linux Auto-Color 맬웨어 배포 2025년 4월 24일, 소프트웨어 제공업체 SAP SE는 SAP Netweaver 제품의 심각한 취약점인 CVE-2025-31324를 공개했습니다. 이 취약점을 악용하면 악의적인 공격자가 SAP
@ngnicky
30 Jul 2025
277 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0"
}
],
"operator": "OR"
}
]
}
]