SAP has announced emergency patches for CVE-2025-31324, a critical zero-day vulnerability in its NetWeaver Visual Composer that allows unauthorized uploads of malicious files. The vulnerability, which carries the maximum CVSS score of 10, potentially enables attackers to execute code remotely and take control of servers without authentication. Security firms have reported multiple compromises involving this flaw, emphasizing that it remains exploitable even in fully patched systems. Despite SAP's assurances, independent reports suggest that many customers may be unaware of being affected. Prompt application of patches is urged to mitigate the risk of attack.
ReliaQuest reported that multiple customers have been compromised via unauthorized file uploads to SAP NetWeaver, allowing remote code execution.
SAP has released emergency patches for a zero-day vulnerability in NetWeaver that allows attackers to gain control over systems without authentication.