Vulnerability cyber

SAP NetWeaver Visual Composer

Apr 26, 2025 1 min read
SAP NetWeaver Visual Composer

SAP NetWeaver Visual Composer recently experienced a cyberattack. Security researchers discovered a critical unrestricted-file-upload vulnerability (CVE-2025-31324) being actively exploited by hackers. This flaw could allow an unauthenticated user to upload harmful executable binaries. Although SAP has released a workaround, they are still in the process of creating a patch. However, the scope of the impact is even more problematic. Researchers suspect that more than 10,000 internet-facing SAP systems could be at risk due to this vulnerability. Also, because SAP technology is used widely among government agencies, a successful breach could give hackers access to government networks. Even though the component vulnerable to this attack isn't automatically enabled, estimations suggest that between 50%-70% of these apps have the vulnerable component enabled and are likely compromised already.

Source: https://www.cybersecuritydive.com/news/critical-vulnerability-sap-netweaver-exploitation/746383/

TPRM report: https://scoringcyber.rankiteo.com/company/virkconsultinginc

"id": "vir759042625",
"linkid": "virkconsultinginc",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'SAP',
                        'type': 'Software Company'}],
 'attack_vector': 'Unrestricted-file-upload vulnerability',
 'description': 'Security researchers discovered a critical '
                'unrestricted-file-upload vulnerability (CVE-2025-31324) being '
                'actively exploited by hackers. This flaw could allow an '
                'unauthenticated user to upload harmful executable binaries. '
                'Although SAP has released a workaround, they are still in the '
                'process of creating a patch. The scope of the impact is even '
                'more problematic. Researchers suspect that more than 10,000 '
                'internet-facing SAP systems could be at risk due to this '
                'vulnerability. Also, because SAP technology is used widely '
                'among government agencies, a successful breach could give '
                'hackers access to government networks. Even though the '
                "component vulnerable to this attack isn't automatically "
                'enabled, estimations suggest that between 50%-70% of these '
                'apps have the vulnerable component enabled and are likely '
                'compromised already.',
 'impact': {'systems_affected': 'More than 10,000 internet-facing SAP systems'},
 'title': 'SAP NetWeaver Visual Composer Vulnerability Exploitation',
 'type': 'Cyberattack',
 'vulnerability_exploited': 'CVE-2025-31324'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.