CVE-2025-31324 - SAP NetWeaver Unrestricted File Upload Vulnerability
Project:SAP
Product:NetWeaver
Date Added:2025-04-29Due Date:2025-05-20
Vulnerability Name
SAP NetWeaver Unrestricted File Upload Vulnerability
Description
SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://me.sap.com/notes/3594142
https://nvd.nist.gov/vuln/detail/CVE-2025-31324
Related News Articles
CISA orders feds to patch VMware Tools flaw exploited by Chinese hackersOctober 31, 2025
Chinese hackers exploiting VMware zero-day since October 2024September 30, 2025
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch TuesdaySeptember 10, 2025
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)August 20, 2025
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code ExecutionAugust 19, 2025