SAP NetWeaver Unrestricted File Upload Vulnerability

Added April 29, 2025 • Due May 20, 2025 • CVE-2025-31324

Overdue SAP / NetWeaver CWE-434

Description

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

https://me.sap.com/notes/3594142
https://nvd.nist.gov/vuln/detail/CVE-2025-31324

Additional Information

Catalog Version: 2025.04.29
Catalog Released: April 29, 2025
Days Until Due: 0 days
Last Updated: 6 months, 3 weeks ago