CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.556

EPSS Ranking 97.9%

CVSS Severity

CVSS v3 Score 10.0

Proposed Action

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

Ransomware Campaign

Unknown

References

https://me.sap.com/notes/3594142
https://url.sap/sapsecuritypatchday
https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
https://www.theregister.com/2025/04/25/sap_netweaver_patch/
https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Products affected by CVE-2025-31324

Sap » Netweaver » Version: 7.50

cpe:2.3:a:sap:netweaver:7.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-31324

Products

Pricing

Contact Us