Cybercriminal Groups BianLian and RansomExx Exploit SAP NetWeaver Vulnerability

Two distinct cybercrime groups, BianLian and RansomExx, have exploited a recently disclosed security vulnerability in SAP NetWeaver, referenced under the number CVE-2025-31324. This exploitation indicates that multiple malicious actors are taking advantage of this vulnerability. Cybersecurity company ReliaQuest published an update today, revealing evidence of the involvement of the BianLian group, which specializes in data extortion, and the RansomExx group. These groups have deployed the PipeMagic Trojan by exploiting this flaw.