Security News > 2025 > April > Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file uploads and code execution. The vulnerability was initially leveraged in zero-day attacks spotted by ReliaQuest researchers, who reported them to SAP. The software company confirmed that the attackers have been leveraging a new vulnerability; released an emergency patch on April 24; and urged organizations to upgrade to implement it and check whether … More → The post Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2025/04/28/sap-netweaver-cve-2025-31324-exploited/
Related news
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
- China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug (source)
- Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) (source)
- MITRE warns that funding for critical CVE program expires today (source)
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-24 | CVE-2025-31324 | Unspecified vulnerability in SAP Netweaver 7.50 SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. | 9.8 |