CISA Known Exploited Vulnerability (KEV)
SAP NetWeaver Unrestricted File Upload Vulnerability
April 29, 2025
May 20, 2025
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Description
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
References
- https://me.sap.com/notes/3594142
- https://url.sap/sapsecuritypatchday
- https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
- https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
- https://www.theregister.com/2025/04/25/sap_netweaver_patch/
- https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Weakness Enumeration
| CWE-ID | CWE Name |
|---|---|
|
CWE-434 |
Unrestricted Upload of File with Dangerous Type |