CVE-2025-31324 - SAP NetWeaver Unrestricted File Upload Vulnerability

Vulnerability Name

SAP NetWeaver Unrestricted File Upload Vulnerability

Description

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://me.sap.com/notes/3594142

https://nvd.nist.gov/vuln/detail/CVE-2025-31324

Related News Articles

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)August 20, 2025

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code ExecutionAugust 19, 2025

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color MalwareJuly 30, 2025

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malwareJuly 30, 2025

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and BrazilMay 30, 2025