CVE-2025-31324 - SAP NetWeaver Unrestricted File Upload Vulnerability
Project:SAP
Product:NetWeaver
Date Added:2025-04-29Due Date:2025-05-20
Vulnerability Name
SAP NetWeaver Unrestricted File Upload Vulnerability
Description
SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://me.sap.com/notes/3594142
https://nvd.nist.gov/vuln/detail/CVE-2025-31324