SAP News Articles
Recent news articles refferecing the vendors vulnerabilities.
Red Hot CyberCVE-2025-42880SAP Security Update Fixes Critical Code Injection Vulnerability in Solution Manager
SAP releases security update fixing critical code injection vulnerability in Solution Manager. Learn more about the patch and protect your system now.
Arctic WolfCVE-2025-42890CVE-2025-42890 | Arctic Wolf
SAP published a security advisory addressing a maximum severity vulnerability identified as CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI) version 17.
SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor
SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform.
Security AffairsCVE-2025-42910SAP fixed maximum-severity bug in NetWeaver
SAP addressed 13 new flaws, including a maximum severity vulnerability in SAP NetWeaver, which could lead to arbitrary command execution.
SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM
SAP announces 16 new and updated patch notes as part of its monthly rollout, including three that address critical vulnerabilities.
The Hacker NewsCVE-2025-42944SAP Patches Critical NetWeaver (CVSS Up to 10.0) and Previously Exploited S/4HANA Flaws
SAP patches critical NetWeaver and S/4HANA flaws (CVSS 8.1–10.0), preventing code execution, file upload, and data loss.
Critical SAP S/4HANA Vulnerability Under Attack
Exploitation of CVE-2025-42957 requires "minimal effort" and can result in a complete compromise of the SAP system and host OS, according to researchers.
Critical SAP S/4HANA vulnerability now exploited in attacks
A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn.
The Hacker NewsCVE-2025-42957SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
CVE-2025-42957 in SAP S/4HANA exploited with CVSS 9.9 severity, enabling full system compromise.
SAP Vulns Under Exploitation in 'One-Two Punch' Attack
The vulnerabilities themselves aren't new, but are being exploited in a novel manner that could lead to a "devastating attack."
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
SAP NetWeaver Exploit Chains CVE-2025-31324 and CVE-2025-42999, Abused as Zero-Days by Ransomware and Espionage Groups Targeting Critical Infras
DarktraceCVE-2025-31324Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion
This blog examines a real-world Auto-Color malware attack that originated from the exploitation of CVE-2025-31324. Learn how Darktrace identified and contained the threat using AI-driven detection and response, with additional support from its expert analyst team.
The Hacker NewsCVE-2025-31324Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
SAP flaw CVE-2025-31324 exploited to deploy Auto-Color malware at U.S. chemicals firm; Linux systems targeted.
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company.
XOR Marks the Flaw in SAP GUI
The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user's input history feature.
DarktraceCVE-2025-31324Tracking CVE-2025-31324: Darktrace’s detection of SAP Netweaver exploitation before and after disclosure
A critical SAP vulnerability, CVE-2025-31324, allows unauthenticated remote code execution via NetWeaver Visual Composer. Despite early mitigation guidance, many systems remain exposed. Darktrace detected exploitation attempts six days before public disclosure, highlighting the importance of proacti...
The Hacker NewsCVE-2025-31324China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
Earth Lamia exploited SAP NetWeaver CVE-2025-31324 to breach Asian and Brazilian orgs since 2023.
Techzine EuropeCVE-2025-31324Ransomware groups join attacks on SAP NetWeaver
Administrators are strongly advised to update their SAP NetWeaver servers quickly or disable the Visual Composer component.
Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks
As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.
Infosecurity MagazineSAP Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers
The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004
SAP NetWeaver flaw exploited by ransomware groups BianLian, RansomEXX
A second zero-day flaw was found in addition to exploitation of Netweaver by ransomware groups.
The Hacker NewsCVE-2025-31324BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
BianLian and RansomExx Exploit SAP CVE-2025-31324 for Full Access, Deploy PipeMagic and Brute Ratel in Multi-Nation Attacks.
Ransomware gangs join ongoing SAP NetWeaver attacks
Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers.
ReliaQuestCVE-2025-31324ReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaver
ReliaQuest has uncovered a new vulnerability in SAP NetWeaver, CVE-2025-31324, involving unauthorized file uploads and malicious execution.