PT-2025-17845 · SAP · SAP NetWeaver Visual Composer

Benjamin Harris · Published 2025-04-22 · Updated 2025-10-22 · CVE-2025-31324

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver versions prior to the release of SAP Security Note 3594142.

Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing unauthenticated attackers to upload potentially malicious executable binaries that could severely compromise the host system. This vulnerability (CVE-2025-31324) has a CVSS score of 10.0 and is actively exploited in the wild by multiple threat actors, including China-linked APT groups and ransomware operations. Attackers are leveraging this flaw to deploy webshells, such as Auto-Color, and gain remote code execution. The exploitation has been observed across various sectors, including energy, government, healthcare, and manufacturing. The vulnerability allows for unrestricted file uploads, potentially leading to full system compromise.

Recommendations: Apply SAP Security Note 3594142 immediately. If patching is not immediately possible, restrict access to the /developmentserver/metadatauploader endpoint and disable the Visual Composer component if it is not in use. Implement robust monitoring and intrusion detection systems to identify and respond to potential exploitation attempts.
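The monitoring recommendation above can be made concrete by watching web-server access logs for any request that reaches the /developmentserver/metadatauploader endpoint. The script below is an added example, not part of the advisory or of SAP's tooling: it parses combined-format access log lines (the log format, field names and sample entries are assumptions), normalizes each request path so encoded, mixed-case or double-slash variants are not missed, and reports every hit, marking accepted POSTs separately from requests that the access restriction rejected.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint named in the advisory's recommendations (assumed exact path form).
WATCHED_PATH = "/developmentserver/metadatauploader"

# Combined log format: ip - user [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def normalize_path(target: str) -> str:
    """Drop query string, percent-decode, collapse '//' and lowercase."""
    path = unquote(unquote(urlsplit(target).path))  # handles double-encoding
    path = re.sub(r"/+", "/", path)
    return path.rstrip("/").lower()


def scan_log(lines):
    """Return one dict per request whose path hits the watched endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != WATCHED_PATH:
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "method": m["method"],
            "status": status,
            # Accepted POST: upload path still reachable; 401/403: restriction works.
            "accepted": m["method"] == "POST" and status // 100 == 2,
        })
    return hits


# Constructed sample lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Apr/2025:10:01:02 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [22/Apr/2025:10:03:09 +0000] "GET /irj/portal HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Apr/2025:10:05:44 +0000] "POST /developmentserver//MetadataUploader/?x=1 HTTP/1.1" 403 0 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Feed real access logs line by line into `scan_log`; any hit with `accepted` set to True on a host that has not applied Security Note 3594142 warrants an incident-response look at what was written to disk.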

Exploit · Fix

Weakness Enumeration
RCE
Unrestricted File Upload
Deserialization of Untrusted Data

Related Identifiers

BDU:2025-04927
BDU:2025-05676
CVE-2025-31324

Affected Products

SAP NetWeaver Visual Composer