Return to CVE list

CVE-2025-31324

10.0
Critical

SAP NetWeaver Unrestricted File Upload Vulnerability

cna@sap.com
Analyzed
View on MITREFind on GitHub

Description

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

cna@sap.com
https://me.sap.com/notes/3594142
cna@sap.com
https://url.sap/sapsecuritypatchday
af854a3a-2127-422b-91ae-364da2661108
https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
af854a3a-2127-422b-91ae-364da2661108
https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
af854a3a-2127-422b-91ae-364da2661108
https://www.theregister.com/2025/04/25/sap_netweaver_patch/
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/