{"id":2378,"date":"2025-08-20T03:51:46","date_gmt":"2025-08-20T03:51:46","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/08\/20\/public-exploit-released-for-critical-sap-netweaver-flaw\/"},"modified":"2025-08-20T03:51:46","modified_gmt":"2025-08-20T03:51:46","slug":"public-exploit-released-for-critical-sap-netweaver-flaw","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/08\/20\/public-exploit-released-for-critical-sap-netweaver-flaw\/","title":{"rendered":"Public Exploit Released for Critical SAP NetWeaver Flaw"},"content":{"rendered":"
\n
\n

A critical vulnerability in SAP NetWeaver AS Java Visual Composer, tracked as CVE-2025-31324, is now being widely exploited following the release of public exploit tooling.<\/p>\n

The flaw, patched in April 2025, allows unauthenticated remote code execution via the platform\u2019s metadata uploader endpoint.<\/p>\n

What\u2019s new is the public availability of the full source code, which makes the exploit easy to use even for attackers with little technical expertise.<\/p>\n

\u201cWith the source code now widely available, even script kiddies can leverage it,\u201d\u00a0said Jonathan Stross, SAP Security Analyst at Pathlock.<\/p>\n

\u201cThe exploit is simple to execute \u2013 requiring only minutes to get running \u2013 and with AI tools like GPT, even inexperienced hackers could cause critical damage to organizations that remain unpatched.\u201d<\/p>\n

Active Exploitation Confirmed<\/h2>\n

The US Cybersecurity & Infrastructure Security Agency (CISA) has recently added CVE-2025-31324 to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its severity.<\/p>\n

In fact, the flaw has been given a CVSS score of 10.0 by SAP\u2019s CNA and 9.8 by NVD, marking it as a top-priority threat.<\/p>\n

\u201cThis new report from the Pathlock research team is a critical read for anyone in corporate cybersecurity,\u201d\u00a0said Frankie Sclafani, director of cybersecurity enablement at Deepwatch.<\/p>\n

\u201cIt highlights how a vulnerability in SAP\u2019s NetWeaver Java Visual Composer, originally patched in April, is now being widely exploited.\u201d<\/p>\n

Read more on SAP cybersecurity threats: SAP NetWeaver Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers<\/em><\/p>\n

Sclafani added: \u201cThis isn\u2019t just a hypothetical risk;\u00a0CISA has already added this vulnerability […] to its [KEV] catalog. This confirms that real-world attacks are happening […] The bottom line is, if you\u2019re running this software and you haven\u2019t patched, you\u2019re at serious risk.\u201d<\/p>\n

Pathlock also highlighted a related flaw, CVE-2025-42999, involving insecure deserialization, which has been chained with the uploader bug in attacks.<\/p>\n

SAP addressed both issues in Security Notes 3594142 and 3604119.<\/p>\n

Recommendations for Organizations<\/h2>\n

To reduce risk, Pathlock advises immediate action:<\/p>\n