CVE-2025-31324
Published Apr 24, 2025
Last updated 2 days ago
AI description
CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.
- Description
- SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
- Source
- cna@sap.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- SAP NetWeaver Unrestricted File Upload Vulnerability
- Exploit added on
- Apr 29, 2025
- Exploit action due
- May 20, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cna@sap.com
- CWE-434
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3
Actively exploited CVE : CVE-2025-31324
@transilienceai
8 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Second wave of attacks hits SAP NetWeaver CVE-2025-31324 flaw Despite April patch, attackers are leveraging planted webshells for full system takeover. CVSS 10, zero-day exploited with Brute Ratel & Heaven’s Gate tools. https://t.co/EYbANM9bjV #SAP #ZeroDay #CyberSe
@dCypherIO
7 May 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
7 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Guidance for handling CVE-2025-31324 using Microsoft Security capabilities from Shahar Bahat https://t.co/0d1W5K1hIs
@AzureWeekly
7 May 2025
554 Impressions
3 Retweets
5 Likes
3 Bookmarks
0 Replies
0 Quotes
Following the zero-day vulnerability, a second wave of attacks against SAP NetWeaver is under way (CVE-2025-31324) https://t.co/AL33PGLN7O #Security #セキュリティ #ニュース
@SecureShield_
7 May 2025
67 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔓 Major breach alert: Hackers exploited a zero-day flaw (CVE-2025-31324) in SAP NetWeaver, deploying webshells to infiltrate systems. A second wave of attacks is now underway, targeting previously compromised servers. Immediate patching and thorough system audits are critical.
@unitv_network
6 May 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A critical vulnerability (CVE-2025-31324) in SAP systems has been discovered, rated 10/10 in severity due to its potential exploitation by attackers. With reports of over 1,200 instances exposed, companies using the NetWeaver Visual Composer need to act quickly to safeguard th...
@CybrPulse
6 May 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Don't let your business be caught in the second wave of CVE-2025-31324 attacks! https://t.co/DAJgWHU8z7 #TechNews #Malware #CyberSecurity
@EnRouteIT
6 May 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
6 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
5 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
5 May 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
4 May 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
4 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
4 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Hey, did you hear about that SAP NetWeaver flaw (CVE-2025-31324)?! Attackers can just waltz in WITHOUT a password! Update ASAP or risk total system takeover! #cybersecurity https://t.co/nQwWfz3Tdj
@fin_tech_news_
3 May 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
3 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
3 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A critical zero-day vulnerability (CVE-2025-31324) has been discovered in SAP NetWeaver Java that allows remote execution with full control of the system. https://t.co/j1sG0ZxT3d
@esconsulting__
2 May 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🆕 SAP Zero-Day IoC Scanner available from Mandiant + Onapsis 🔎 This tool aims to help organizations identify IoCs associated with exploitation of a recently patched vulnerability in SAP NetWeaver Application Server Java: CVE-2025-31324. Learn more: https://t.co/cD4lupxOnC
@onapsis
2 May 2025
126 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
2 May 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
SAP NetWeaver zero-day vulnerability (CVE-2025-31324) exploited; CISA adds it to the KEV database #セキュリティ対策Lab #セキュリティ #Security https://t.co/x9c8AvNZVd
@securityLab_jp
2 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Over 1,200 SAP NetWeaver Servers Vulnerable to Actively Exploited Flaw (#CVE-2025-31324) https://t.co/BgUBr5A147 Educational Purposes!
@UndercodeUpdate
2 May 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
2 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
1 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#threatreport #LowCompleteness SAP NetWeaver CVE-2025-31324 Exploitation | 30-04-2025 Source: https://t.co/r5wCE4gcmn Key details below ↓ 🧑💻Actors/Campaigns: Thewizards 💀Threats: Xmrig_miner, Slaac_spoofing_technique, Aitm_technique, Wizardnet, Spellbinder, Rozena
@rst_cloud
1 May 2025
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New SAP Zero-Day – CVE-2025-31324 (CVSS 9.9) Critical unauthenticated access flaw in SAP NetWeaver AS Java SAP environments just got hit with a major vulnerability — CVE-2025-31324 — a missing authentication check in the UDDI
@Cyb3rTldr
1 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
1 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Failed to exploit SAP Visual Composer CVE-2025-31324 vulnerability! Why? Response: https://t.co/Do2sLMGS6x
@realxs711
1 May 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild https://t.co/vXLtDmlH6M https://t.co/EmR2V4e4aZ
@NickBla41002745
1 May 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Over 1,200 SAP NetWeaver servers are vulnerable to an actively exploited unauthenticated file upload flaw (CVE-2025-31324). I've crafted a KQL query to help detect public-facing instances—time to audit and secure! https://t.co/9IIa5IX7Uu KQL Code: https://t.co/wMiGLdm7t5 https
@0x534c
1 May 2025
2043 Impressions
8 Retweets
44 Likes
18 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in SAP NetWeaver Visual Composer is wreaking havoc, with over 7,500 servers potentially at risk and confirmed compromises across multiple organizations. This flaw, CVE-2025-31324, allows unauthenticated access, making it a goldmine for attackers who ha...
@CybrPulse
1 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-31324 Critical RCE in SAP NetWeaver Visual Composer—unauthenticated file upload vulnerability under active exploitation. CVSS 10.0. 🛠️ Patch now: SAP Note #3594142 🔍 Details + live CVE view: 👉 https://t.co/jL0ivAAa95 https://t.co/Fv3OORWFtY
@rapidriskradar
30 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#cybersecurity Critical #SAP #ZeroDay Vulnerability Under Active Exploitation (CVE-2025-31324) https://t.co/Xppc6Pwhhh
@jos1727
30 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Guidance for handling CVE-2025-31324 using Microsoft Security capabilities https://t.co/SuGS1z2lHq #Microsoft #techcommunity
@MSITTechNews
30 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Over 400 SAP NetWeaver Servers Exposed to Actively Exploited RCE Vulnerability (CVE-2025-31324) A critical zero-day flaw in SAP’s NetWeaver platform—now tracked as CVE-2025-31324—is under active exploitation, putting over 400 servers at risk worldwide. This RCE htt
@efani
30 Apr 2025
279 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
30 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
US CISA has added a vulnerability confirmed to be exploited to its #KEV catalog. 🛡️No.1327 CVE-2025-31324 SAP NetWeaver Unrestricted File Upload Vulnerability ============= CVSS score: 10.0 (Base) / SAP SE CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
@piyokango
30 Apr 2025
3807 Impressions
4 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
Exploitation of CVE-2025-31324 has been ongoing throughout April 2025, with threat actors leveraging tools such as Brute Ratel and Heaven's Gate for code execution and evasion after initial access. Learn more in our latest #security bulletin. https://t.co/ALsOC5cp3J
@ervik
30 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active Exploitation of SAP Zero-Day Vulnerability (CVE-2025-31324, SAP Security Note 3594142) #ζαγαρια https://t.co/eLCQT9ZeIB
@PaNAS_010170
30 Apr 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CVE-2025-31324 Attention, the SAP Visual Composer CVE-2025-31324 vulnerability is being exploited crazily. 887 targets were extracted from the data mapped by ZoomEye, of which 45 targets were confirmed to have backdoor webshells and had been hacked. https://t.co/5T0fWEnIsj
@_r00tuser
30 Apr 2025
1231 Impressions
2 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
A critical zero-day vulnerability (CVE-2025-31324) in SAP's NetWeaver Visual Composer allows unauthenticated attackers to upload malicious files, posing a severe threat to enterprise systems, especially in manufacturing. Active exploitations have been noted since March 27, 202...
@CybrPulse
30 Apr 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A zero-day vulnerability in SAP NetWeaver (CVE-2025-31324) is being actively exploited, granting attackers the ability to exert full control over critical business processes. With over 10,000 potentially at-risk applications and a perfect CVSS score, organizations must priorit...
@CybrPulse
30 Apr 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-31324
@transilienceai
29 Apr 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 +1,200 SAP NetWeaver servers exposed to a serious vulnerability (CVE-2025-31324). Active attacks detected. 📌 Update now or restrict access to /developmentserver/metadatauploader. Protect your environment! #SAP #Ciberseguridad #SISAPNews https://t.co/5wuPE4d036
@SISAP_LATAM
29 Apr 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Suspected initial access broker exploits critical SAP NetWeaver vulnerability (CVE-2025-31324) Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) #HelpNetSecurity (Apr 28) https://t.co/ZHxBEC7rIA
@foxbook
29 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added SAP NetWeaver unrestricted file upload vulnerability, CVE-2025-31324 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/0t3o1wMvRq
@CISACyber
29 Apr 2025
8043 Impressions
19 Retweets
45 Likes
4 Bookmarks
13 Replies
3 Quotes
SAP Zero Day Vulnerability CVE-2025-31324 / Security Note 3594142 - Layer Seven Security https://t.co/KS56hueeJb https://t.co/vKRNYLNXQL
@LayerSeven
29 Apr 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild https://t.co/ZsoTde27hk https://t.co/woq5nPYnrJ
@ggrubamn
29 Apr 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Over 400 SAP Servers Exposed to Attacks CVE-2025-31324 (CVSS 10) lets attackers upload malicious files via Visual Composer. 427 SAP NetWeaver instances are exposed globally. Exploited in the wild. Patch now via SAP Note 3594142. https://t.co/cG4kPOZjm2 #SAP #CyberSecur
@dCypherIO
29 Apr 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Over 400 SAP Servers Exposed to Attacks CVE-2025-31324 (CVSS 10) lets attackers upload malicious files via Visual Composer. 427 SAP NetWeaver instances are exposed globally. Exploited in the wild. Patch now via SAP Note 3594142. https://t.co/cG4kPOZjm2 #SAP #CyberSecur
@dCypherIO
29 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]