Vulnerabilities > CVE-2025-31324 - Unspecified vulnerability in SAP Netweaver 7.50
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Related news
References
- https://me.sap.com/notes/3594142
- https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
- https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
- https://url.sap/sapsecuritypatchday
- https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
- https://www.theregister.com/2025/04/25/sap_netweaver_patch/