SAP NetWeaver Visual Composer was recently the target of a cyberattack. Security researchers discovered a critical unrestricted-file-upload vulnerability (CVE-2025-31324) that hackers are actively exploiting. The flaw could allow an unauthenticated user to upload harmful executable binaries. SAP has released a workaround but is still in the process of creating a patch. The scope of the impact is even more problematic: researchers suspect that more than 10,000 internet-facing SAP systems could be at risk due to this vulnerability. Because SAP technology is used widely among government agencies, a successful breach could also give hackers access to government networks. Even though the vulnerable component isn't enabled automatically, estimates suggest that between 50% and 70% of these apps have it enabled and are likely compromised already.
Source: https://www.cybersecuritydive.com/news/critical-vulnerability-sap-netweaver-exploitation/746383/
TPRM report: https://scoringcyber.rankiteo.com/company/virkconsultinginc
"id": "vir759042625",
"linkid": "virkconsultinginc",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'SAP',
                        'type': 'Software Company'}],
 'attack_vector': 'Unrestricted-file-upload vulnerability',
 'description': 'Security researchers discovered a critical '
                'unrestricted-file-upload vulnerability (CVE-2025-31324) being '
                'actively exploited by hackers. This flaw could allow an '
                'unauthenticated user to upload harmful executable binaries. '
                'Although SAP has released a workaround, they are still in the '
                'process of creating a patch. The scope of the impact is even '
                'more problematic. Researchers suspect that more than 10,000 '
                'internet-facing SAP systems could be at risk due to this '
                'vulnerability. Also, because SAP technology is used widely '
                'among government agencies, a successful breach could give '
                'hackers access to government networks. Even though the '
                "component vulnerable to this attack isn't automatically "
                'enabled, estimations suggest that between 50%-70% of these '
                'apps have the vulnerable component enabled and are likely '
                'compromised already.',
 'impact': {'systems_affected': 'More than 10,000 internet-facing SAP systems'},
 'title': 'SAP NetWeaver Visual Composer Vulnerability Exploitation',
 'type': 'Cyberattack',
 'vulnerability_exploited': 'CVE-2025-31324'}