In late April, SAP fixed a severe bug in NetWeaver Visual Composer Metadata Uploader that affected over 1,200 instances. Multiple ransomware operators, including BianLian and RansomEXX, exploited this flaw, which allowed unauthenticated actors to upload malicious executables. SAP also patched a separate critical zero-day vulnerability in the NetWeaver server, tracked as CVE-2025-42999, with a severity score of 9.1/10. Both vulnerabilities have been abused in attacks since January 2025.
Source: https://www.techradar.com/pro/security/sap-netweaver-woes-worsen-as-ransomware-gangs-join-the-attack
TPRM report: https://scoringcyber.rankiteo.com/company/sap
"id": "sap723051525",
"linkid": "sap",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"