Cyber service warns for weaknesses in company software SAP

Cyber service warns for weaknesses in company software SAP

The Digital Trust Center (DTC) has warned that there are vulnerabilities in the company software SAP. It has become clear recently that that these weaknesses were being actively abused. Now it has become apparent that the cyber attackers are using the weak point to gain access to the system again at a later date.That is why the DTC, the cyber service of the Ministry of Economic Affairs, has scaled up the threat level to high.

The Digital Trust Center (DTC) warns of a vulnerability in SAP's business software. It was already clear that this vulnerability was actively abused. Now it appears that attackers are also using this weak point to gain access to systems again later.

SAP confirms NetWeaver vulnerability is being actively exploited

Critical SAP vulnerability (CVE-2025-31324) actively exploited with webshells. Threat level: High/High. Install the emergency patch immediately and check systems.

width="1888" height="1062" sizes="(max-width: 1888px) 100vw, 1888px">Hackers could use a vulnerability in NetWeaver to access SAP systems, inject malicious code, and thus take control. TenPixels – shutterstock.com Attackers have been exploiting a critical zero-day vulnerability in the Visual Composer component of the SAP NetWeaver Application Server since April 21, 2025. SAP has already released an out-of-band fix, which is available via the sup…

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the high-risk zero-day vulnerability CVE-2025-31324 (CVSS score 10/10) in SAP NetWeaver to the catalog of known exploited vulnerabilities. The vulnerability stems from the lack of authorization checks in the Visual Composer Metadata Uploader, allowing unauthenticated attackers to upload malicious files and control the target system. After discovering the vulnerability, re…

Critical Vulnerability In SAP NetWeaver Visual Composer Leads To Confirmed Compromises - Cybernoz - Cybersecurity News

A critical vulnerability in SAP NetWeaver Visual Composer has led to confirmed compromises of multiple organizations, and researchers warn that more than 7,500 SAP NetWeaver Application Servers remain exposed and potentially at risk. The vulnerability, tracked as CVE-2025-31324 and assigned a severity score of 10, is a critical unauthenticated-file-upload vulnerability that affects the metadata uploader component of SAP NetWeaver Visual Composer…