Chinese state-sponsored actors are exploiting CVE-2025-31324, a critical security flaw in SAP NetWeaver, to infiltrate vital infrastructure sectors worldwide. Targets include utilities in the UK, medical device manufacturing, and energy companies in the US. Investigations link the exploitation patterns to UNC5221 and other groups. An exposed directory from a compromised server listed numerous breaches and targeted domains, reflecting a coordinated, organized effort against high-value infrastructure components in these sectors.
"Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today.
"The exposed open-dir infrastructure reveals confirmed breaches and highlights the group's planned targets, offering further insight into their targeting methodology and capabilities."