Security News > 2025 > April > Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file uploads and code execution. The vulnerability was initially leveraged in zero-day attacks spotted by ReliaQuest researchers, who reported them to SAP. The software company confirmed that the attackers have been leveraging a new vulnerability; released an emergency patch on April 24; and urged organizations to upgrade to implement it and check whether … More → The post Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2025/04/28/sap-netweaver-cve-2025-31324-exploited/
Related news
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug (source)
- Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) (source)
- MITRE warns that funding for critical CVE program expires today (source)
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)