SAP NetWeaver Visual Composer recently experienced a cyberattack. Security researchers discovered a critical unrestricted file upload vulnerability (CVE-2025-31324) that hackers are actively exploiting. The flaw could allow an unauthenticated user to upload harmful executable binaries. Although SAP has released a workaround, it is still in the process of creating a patch. The scope of the impact is even more problematic: researchers suspect that more than 10,000 internet-facing SAP systems could be at risk due to this vulnerability. Also, because SAP technology is widely used among government agencies, a successful breach could give hackers access to government networks. Even though the component vulnerable to this attack isn't automatically enabled, estimates suggest that between 50% and 70% of these apps have the vulnerable component enabled and are likely compromised already.
Source: https://www.cybersecuritydive.com/news/critical-vulnerability-sap-netweaver-exploitation/746383/
"id": "vir759042625",
"linkid": "virkconsultinginc",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"