Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-31324

CRITICAL
Published 2025-04-24T16:50:27.706Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-31324. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
10.0
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.635
probability
of exploitation in the wild

There is a 63.5% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.983
Higher than 98.3% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Understanding This Vulnerability

This Common Vulnerabilities and Exposures (CVE) entry provides detailed information about a security vulnerability that has been publicly disclosed. CVEs are standardized identifiers assigned by MITRE Corporation to track and catalog security vulnerabilities across software and hardware products.

The severity rating (CRITICAL) indicates the potential impact of this vulnerability based on the CVSS (Common Vulnerability Scoring System) framework. Higher severity ratings typically indicate vulnerabilities that could lead to more significant security breaches if exploited. Security teams should prioritize remediation efforts based on severity, exploit availability, and the EPSS (Exploit Prediction Scoring System) score, which predicts the likelihood of exploitation in the wild.

If this vulnerability affects products or systems in your infrastructure, we recommend reviewing the affected products section, checking for available patches or updates from vendors, and implementing recommended workarounds or solutions until a permanent fix is available. Organizations should also monitor security advisories and threat intelligence feeds for updates about active exploitation of this vulnerability.

Available Exploits

No exploits available for this CVE.

Related News

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)

A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has alleg…

Help Net Security 2025-08-20 10:28
Read More
Exploit weaponizes SAP NetWeaver bugs for full system compromise

Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. A new exploit chaining two vulnerabilities, tracked as CVE-2025-31324 and CVE-2025-42999, in SAP NetWeaver exposes organizations …

Securityaffairs.com 2025-08-20 00:01
Read More
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass a…

Internet 2025-08-19 13:00
Read More
Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Lin…

Securityaffairs.com 2025-07-30 07:46
Read More
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware

Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. [...]

BleepingComputer 2025-07-29 16:10
Read More

Affected Products

SAP_SE

SAP NetWeaver (Visual Composer development server)

Affected Versions:

VCFRAMEWORK 7.50

References

https://me.sap.com/notes/3594142 (CNA)
https://url.sap/sapsecuritypatchday (CNA)

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

May 20, 2025

Added to KEV

April 29, 2025

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: SAP
Product: NetWeaver

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.04.29 Released: April 29, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-7w9p-pr7x-mjw2

Advisory Details

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-31324
WEB https://me.sap.com/notes/3594142
WEB https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324
WEB https://url.sap/sapsecuritypatchday
WEB https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks
WEB https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31324
WEB https://www.theregister.com/2025/04/25/sap_netweaver_patch

Advisory provided by GitHub Security Advisory Database. Published: April 24, 2025, Modified: October 22, 2025

References

https://me.sap.com/notes/3594142
https://url.sap/sapsecuritypatchday
Published: 2025-04-24T16:50:27.706Z
Last Modified: 2025-07-28T19:41:56.404Z
Copied to clipboard!