Ransomware groups are leveraging critical vulnerabilities in SAP NetWeaver, particularly CVE-2025-31324, to achieve remote code execution on servers. Following reports from ReliaQuest about these ongoing attacks, SAP urgently released patches on April 24 to address the issue. Notably, groups like RansomEXX and BianLian have been identified as key players, although no ransomware has been deployed so far. Investigations have also found links to Chinese hacker groups, indicating wider interest in exploiting this vulnerability across various criminal organizations.
The ongoing exploitation of this critical SAP NetWeaver vulnerability reflects an alarming trend: ransomware groups, including RansomEXX and BianLian, are becoming increasingly sophisticated in their attacks.
ReliaQuest and other cybersecurity firms have confirmed that multiple criminal groups are attempting to exploit CVE-2025-31324, highlighting a coordinated effort to take control of affected systems.