SAP News Articles

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

581 SAP NetWeaver instances hacked via CVE-2025-31324 + Confirmed China-nexus APT involvement + Critical infrastructure at risk.

3 hours ago

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors - Help Net Security

A second wave of attacks against hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway.

1 day ago

CVE-2025-31324 exploit attempts on the rise – Global Security Mag Online

CVE-2025-31324 exploit attempts on the rise by CrowdSec

2 days ago

Threat Brief: CVE-2025-31324

CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry. CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cas...

4 days ago

Chinese hackers behind attacks targeting SAP NetWeaver servers

Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor.

4 days ago

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

5 days ago

Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability.

1 week ago

Week in review: Critical SAP NetWeaver flaw exploited, RSAC 2025 Conference - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RSAC 2025 Conference RSAC 2025 Conference took place at

1 week ago

SAP confirms NetWeaver vulnerability is being actively exploited

Critical SAP vulnerability (CVE-2025-31324) actively exploited with webshells. Threat level: High/High. Install the emergency patch immediately and check systems.

2 weeks ago

SAP vulnerability | CVE-2025-31324

Security alert on the SAP NetWeaver technical platform and Stormshield cyber protection against CVE-2025-31324.

2 weeks ago

SAP NetWeaver Visual Composer Flaw Under Active Exploitation

CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.

2 weeks ago

Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.

2 weeks ago

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) - Help Net Security

CVE-2025-31324, a critical vulnerability in SAP NetWeaver, is being actively exploited by attackers to upload malicious webshells.

2 weeks ago

SAP patches zero-day vulnerability in NetWeaver, denies exploitation

SAP has released emergency patches for a critical zero-day in NetWeaver Visual Composer that allows attackers to execute unauthenticated code.

2 weeks ago

SAP Fixes Critical Vulnerability After Evidence of Exploitation

A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors

3 weeks ago

SAP fixes suspected Netweaver zero-day exploited in attacks

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.

3 weeks ago

CVSS 10 SAP NetWeaver bug is under active attack

SAP NetWeaver customers are coming under widespread attack, as threat actors exploit a maximum criticality CVSS 10 vulnerability that has now been allocated  CVE-2025-31324. The vulnerability, which affects the platform’s visual composer, lets a remote and unauthenticated attacker upload malicious ...

3 weeks ago

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

Threat actors exploit SAP NetWeaver flaw + zero-day suspected + CVE-2025-31324 enables file uploads.

3 weeks ago

Critical SAP NetWeaver Vulnerability (CVE-2025-31324) Fixed: Actively Exploited in the Wild

Critical SAP NetWeaver vulnerability (CVE-2025-31324) with CVSS 10.0 allows remote code execution via file upload. Patch immediately - active exploits detected in the wild.

3 weeks ago

SAP Zero-Day Possibly Exploited by Initial Access Broker

A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.

3 weeks ago

Critical vulnerability in SAP NetWeaver under threat of active exploitation

Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

3 weeks ago

Critical SAP NetWeaver Flaws Let Hackers Gain System Access

SAP has released its January 2025 Security Patch Day updates, addressing 14 new vulnerabilities, including two critical flaws in SAP NetWeaver that could allow attackers to gain unauthorized access to affected systems. The most severe vulnerability, CVE-2025-0070, is an improper authentication issue...

SAP Update: Patches Fix Critical Flaws For Businesses

This month's SAP update addresses critical flaws that could allow attackers to bypass authentication and gain complete control of affected systems.

CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION - Cloud WAF

CVE-2023-27497 : Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent.

CVE-2024-39592 : SAP PDCE S4CORE 102 UP TO S4COREOP 107 AUTHORIZATION - Cloud WAF

CVE-2024-39592 : Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover - Malware News - Malware Analysis, News and Indicators

SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover On May 14, 2024, SAP delivered its monthly security updates, which included 14 new Security Notes alongside updates to …

CVE-2024-27899 : SAP NETWEAVER AS JAVA USER MANAGEMENT ENGINE 7.50 USER ADMIN APPLICATION PASSWORD RECOVERY - Cloud WAF

CVE-2024-27899 : Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer.