Exploit for Critical SAP Netweaver Flaws Released (CVE-2025-31324, CVE-2025-42999) - Help Net Security

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) - Help Net Security

A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram channel that claimed to represent a collective of three established cybercrime groups: Scattered Spider, ShinyHunters, and LAPSUS$. Historical exploitation o…

Exploit Weaponizes SAP NetWeaver Bugs For Full System Compromise - Cybernoz - Cybersecurity News

Exploit weaponizes SAP NetWeaver bugs for full system compromise Pierluigi Paganini August 20, 2025 Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. A new exploit chaining two vulnerabilities, tracked as CVE-2025-31324 and CVE-2025-42999, in SAP NetWeaver exposes organizations to the risk of system compromise and data theft. CVE-2025-31324 (CVSS scor…

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said. CVE-2025-31324 (CVSS score: 10.0)