By: RedLegg's Cyber Threat Intelligence Team
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES:
SAP NetWeaver Visual Composer Metadata Uploader Unauthenticated File Upload
CVSS Score: 10.0 (Critical)
Identifier: CVE-2025-31324
Exploit or Proof of Concept (PoC): Yes – https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html
Update: CVE-2025-31324 – SAP Security Advisory
Description: CVE-2025-31324 is a critical vulnerability in SAP NetWeaver Visual Composer's Metadata Uploader component. The flaw arises from the absence of proper authorization checks, allowing unauthenticated attackers to upload malicious executable files to the system. Exploitation of this vulnerability can lead to full system compromise, affecting the confidentiality, integrity, and availability of the targeted system. The vulnerability has been actively exploited in the wild, with threat actors deploying JSP web shells to gain persistent remote access and execute arbitrary commands on affected systems.
Mitigation Recommendation: SAP has released Security Note 3594142 to address this vulnerability. Administrators are strongly advised to apply the provided patches immediately. If immediate patching is not feasible, it is recommended to restrict access to the Metadata Uploader component and monitor systems for any unusual activity.
Note: Given the critical nature of this vulnerability and its active exploitation, prompt action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.
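As an added example (not part of RedLegg's bulletin or of SAP's advisory), the following Python script applies the "monitor systems for any unusual activity" advice to web server access logs: it flags POST requests to the Metadata Uploader endpoint that carry no authenticated user, and any later request from the same source for a .jsp resource, the trace that a deployed JSP web shell leaves behind. The endpoint path is a placeholder to be filled in from SAP Security Note 3594142 or your own NetWeaver configuration, and the log lines are constructed.

```python
import re
from collections import defaultdict
# Placeholder: the bulletin does not give the endpoint path; take it from
# SAP Security Note 3594142 or your NetWeaver configuration.
UPLOADER_PATH = "/<METADATA-UPLOADER-PATH>"

# Combined log format: ip ident authuser [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines; the third line models a web shell being reached
# after an unauthenticated upload from the same source address.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Apr/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [28/Apr/2025:10:01:05 +0000] "POST /<METADATA-UPLOADER-PATH> HTTP/1.1" 200 0
203.0.113.7 - - [28/Apr/2025:10:01:09 +0000] "GET /webapp/helper.jsp HTTP/1.1" 200 231
198.51.100.4 - admin [28/Apr/2025:10:02:00 +0000] "POST /<METADATA-UPLOADER-PATH> HTTP/1.1" 200 0
192.0.2.9 - - [28/Apr/2025:10:03:00 +0000] "GET /webapp/portal HTTP/1.1" 200 4096
""".splitlines()

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_suspicious(lines):
    """Scan lines in order; return (kind, ip, timestamp, path) findings:
    'unauthenticated_upload' for a POST to the uploader with no auth user, and
    'post_upload_jsp_request' for a later .jsp request from a source that
    previously posted to the uploader (authenticated or not)."""
    findings = []
    uploaded_from = defaultdict(int)  # ip -> number of uploader POSTs seen
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path.startswith(UPLOADER_PATH):
            if rec["user"] == "-":
                findings.append(("unauthenticated_upload", rec["ip"], rec["ts"], path))
            uploaded_from[rec["ip"]] += 1
        elif path.lower().endswith(".jsp") and rec["ip"] in uploaded_from:
            findings.append(("post_upload_jsp_request", rec["ip"], rec["ts"], path))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding)
```

A hit on the second rule is worth treating as a probable compromise rather than a simple misconfiguration, since it pairs an upload with a server-side script being executed from the same source.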