A critical zero-day vulnerability, CVE-2025-31324, affecting SAP NetWeaver has been disclosed, enabling remote code execution, and is currently being exploited worldwide. Investigations indicate that attackers often return to servers to exploit webshells from earlier breaches. SAP Security Analyst Jonathan Stross emphasizes the increasing challenges organizations face in securing complex software environments. He advises immediate actions such as applying specific SAP security notes and implementing firewall rules to defend against these evolving threats, warning of the continuous risk of further incidents if vulnerabilities are not addressed timely.
The vulnerability tracked as CVE-2025-31324 has a CVSS score of 10.0, enabling remote code execution and leading to significant security threats against SAP NetWeaver.
Investigations reveal that attackers return to compromised servers to exploit pre-deployed webshells, allowing them to conduct further malicious activities.
Jonathan Stross warns organizations about the difficulty of staying ahead of attackers, highlighting the need for comprehensive security measures in complex software environments.
Immediate action is essential for organizations to mitigate the risk from CVE-2025-31324, including applying SAP Security Note 3594142 and adjusting firewall settings.
Collection
[
|
...
]