U.S. CISA Adds Critical SAP NetWeaver Flaw to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a SAP NetWeaver vulnerability, listed under the number CVE-2025-31324, to its catalog of known exploited vulnerabilities (KEV). This vulnerability, with a CVSS score of 10/10, was reported by researchers last week as a zero-day flaw. CISA included this vulnerability in its catalog due to its active exploitation.