Security News > 2025 > April > New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework
2025-04-25 10:41
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week. The cybersecurity
News URL
https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html
Related news
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) (source)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
- Week in review: Critical SAP NetWeaver flaw exploited, RSAC 2025 Conference (source)
- China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-12 | CVE-2017-9844 | Deserialization of Untrusted Data vulnerability in SAP Netweaver 7400.12.21.30308 SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. | 7.5 |