SAP News Articles

XOR Marks the Flaw in SAP GUI

The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user's input history feature.

2 days ago

Tracking CVE-2025-31324: Darktrace’s detection of SAP Netweaver exploitation before and after disclosure

A critical SAP vulnerability, CVE-2025-31324, allows unauthenticated remote code execution via NetWeaver Visual Composer. Despite early mitigation guidance, many systems remain exposed. Darktrace detected exploitation attempts six days before public disclosure, highlighting the importance of proacti...

1 week ago

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

Earth Lamia exploited SAP NetWeaver CVE-2025-31324 to breach Asian and Brazilian orgs since 2023.

1 month ago

Ransomware groups join attacks on SAP NetWeaver

Administrators are strongly advised to update their SAP NetWeaver servers quickly or disable the Visual Composer component.

Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks

As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.

SAP Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers

The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004

SAP NetWeaver flaw exploited by ransomware groups BianLian, RansomEXX

A second zero-day flaw was found in addition to exploitation of Netweaver by ransomware groups.

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

BianLian and RansomExx Exploit SAP CVE-2025-31324 for Full Access, Deploy PipeMagic and Brute Ratel in Multi-Nation Attacks.

Ransomware gangs join ongoing SAP NetWeaver attacks

Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers.

ReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaver

ReliaQuest has uncovered a new vulnerability in SAP NetWeaver, CVE-2025-31324, involving unauthorized file uploads and malicious execution.

SAP patches second zero-day flaw exploited in recent attacks

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day.

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

581 SAP NetWeaver instances hacked via CVE-2025-31324 + Confirmed China-nexus APT involvement + Critical infrastructure at risk.

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors - Help Net Security

A second wave of attacks against hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway.

CVE-2025-31324 exploit attempts on the rise – Global Security Mag Online

CVE-2025-31324 exploit attempts on the rise by CrowdSec

Threat Brief: CVE-2025-31324

CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry. CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cas...

Chinese hackers behind attacks targeting SAP NetWeaver servers

Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor.

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability.

Week in review: Critical SAP NetWeaver flaw exploited, RSAC 2025 Conference - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RSAC 2025 Conference RSAC 2025 Conference took place at

Critical Zero-Day Vulnerability in SAP NetWeaver Visual Composer: CVE-2025-31324 Exploited in Manufacturing Attacks

Executive SummaryThe recent discovery of a zero-day vulnerability in SAP NetWeaver Visual Composer has raised alarm bells across the cybersecurity sector. The vulnerability, identified as CVE-2025-31324, is a critical unauthenticated file upload flaw that permits remote code execution, thereby compr...

SAP confirms NetWeaver vulnerability is being actively exploited

Critical SAP vulnerability (CVE-2025-31324) actively exploited with webshells. Threat level: High/High. Install the emergency patch immediately and check systems.

SAP vulnerability | CVE-2025-31324

Security alert on the SAP NetWeaver technical platform and Stormshield cyber protection against CVE-2025-31324.

SAP NetWeaver Visual Composer Flaw Under Active Exploitation

CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.

Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) - Help Net Security

CVE-2025-31324, a critical vulnerability in SAP NetWeaver, is being actively exploited by attackers to upload malicious webshells.

SAP patches zero-day vulnerability in NetWeaver, denies exploitation

SAP has released emergency patches for a critical zero-day in NetWeaver Visual Composer that allows attackers to execute unauthenticated code.

SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells

A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. The company urges patching!

SAP Fixes Critical Vulnerability After Evidence of Exploitation

A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors

SAP fixes suspected Netweaver zero-day exploited in attacks

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.

CVSS 10 SAP NetWeaver bug is under active attack

SAP NetWeaver customers are coming under widespread attack, as threat actors exploit a maximum criticality CVSS 10 vulnerability that has now been allocated  CVE-2025-31324. The vulnerability, which affects the platform’s visual composer, lets a remote and unauthenticated attacker upload malicious ...

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

Threat actors exploit SAP NetWeaver flaw + zero-day suspected + CVE-2025-31324 enables file uploads.

Critical SAP NetWeaver Vulnerability (CVE-2025-31324) Fixed: Actively Exploited in the Wild

Critical SAP NetWeaver vulnerability (CVE-2025-31324) with CVSS 10.0 allows remote code execution via file upload. Patch immediately - active exploits detected in the wild.

SAP Zero-Day Possibly Exploited by Initial Access Broker

A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.

Critical vulnerability in SAP NetWeaver under threat of active exploitation

Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

Critical SAP NetWeaver Flaws Let Hackers Gain System Access

SAP has released its January 2025 Security Patch Day updates, addressing 14 new vulnerabilities, including two critical flaws in SAP NetWeaver that could allow attackers to gain unauthorized access to affected systems. The most severe vulnerability, CVE-2025-0070, is an improper authentication issue...

SAP Update: Patches Fix Critical Flaws For Businesses

This month's SAP update addresses critical flaws that could allow attackers to bypass authentication and gain complete control of affected systems.

CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION - Cloud WAF

CVE-2023-27497 : Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent.

CVE-2024-39592 : SAP PDCE S4CORE 102 UP TO S4COREOP 107 AUTHORIZATION - Cloud WAF

CVE-2024-39592 : Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover - Malware News - Malware Analysis, News and Indicators

SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover On May 14, 2024, SAP delivered its monthly security updates, which included 14 new Security Notes alongside updates to …

CVE-2024-27899 : SAP NETWEAVER AS JAVA USER MANAGEMENT ENGINE 7.50 USER ADMIN APPLICATION PASSWORD RECOVERY - Cloud WAF

CVE-2024-27899 : Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer.