Critical Security Flaw in SAP NetWeaver Exploited by China-Linked State Actors

A recently disclosed critical security flaw affecting SAP NetWeaver is being exploited by several state actors linked to China to target critical infrastructure networks. According to the analysis published today by EclecticIQ researcher Arda Büyükkaya, the actors have exploited CVE-2025-31324, an unauthenticated file download vulnerability allowing remote code execution (RCE). This campaign has compromised 581 critical systems worldwide.