CVE-2025-31324 - SAP NetWeaver Unrestricted File Upload Vulnerability
Project:SAP
Product:NetWeaver
Date Added:2025-04-29Due Date:2025-05-20
Vulnerability Name
SAP NetWeaver Unrestricted File Upload Vulnerability
Description
SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://me.sap.com/notes/3594142
https://nvd.nist.gov/vuln/detail/CVE-2025-31324
Related News Articles
China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and BrazilMay 30, 2025
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network AttacksMay 22, 2025
Ransomware gangs join ongoing SAP NetWeaver attacksMay 15, 2025
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic TrojanMay 15, 2025
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems WorldwideMay 13, 2025