Zero-Day Vulnerability in SAP NetWeaver Exploited by Initial Access Broker
BreakingNewsHackingCVE-2025-31324hackingnewsinformationsecuritynewsinitialaccessbrokerITInformationSecurityPierluigiPaganiniSAPNetweaverSecurityAffairsSecurityNewszero-Day
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
A zero-day vulnerability in SAP NetWeaver, identified under the code CVE-2025-31324 with a CVSS score of 10/10, is potentially being exploited by an initial access broker. This flaw affects the SAP NetWeaver Visual Composer Metadata Uploader and endangers thousands of applications exposed on the Internet. The vulnerability stems from a lack of input validation, allowing an attacker to upload and execute malicious files. Potential impacts include system compromise and the execution of arbitrary code.