Unauthorized Metadata Upload Vulnerability in SAP NetWeaver Visual Composer by SAP
CVE-2025-31324

10 CRITICAL

Key Information:

Vendor: SAP
CVE Published: 24 April 2025

Badges

📈 Score: 510
👾 Exploit Exists
📰 News Worthy

What is CVE-2025-31324?

CVE-2025-31324 is a vulnerability in SAP NetWeaver Visual Composer, a platform used for developing web-based applications and services. It stems from a missing authorization check that lets an unauthenticated agent upload potentially malicious executable binaries to the system. This exposes organizations to severe risk: an attacker could use the flaw to introduce harmful code, potentially causing significant disruption or breaching the integrity of sensitive data.

Technical Details

The vulnerability primarily affects the Metadata Uploader component of SAP NetWeaver Visual Composer. Because the component does not perform proper authorization checks, an attacker can bypass the normal security controls and upload malicious executable binaries without any authentication; those binaries can then be executed on the host system. Successful exploitation can lead to full system compromise, giving the attacker unauthorized access to, and control over, the affected environment.

Potential impact of CVE-2025-31324

  1. Compromise of Confidentiality: The ability to upload malicious binaries can lead to unauthorized access to sensitive data, compromising the confidentiality of organizational information.

  2. Integrity Threats: Malicious code injections can alter or corrupt data, undermining the integrity of applications and services reliant on SAP NetWeaver Visual Composer.

  3. Availability Issues: Exploitation of this vulnerability could lead to system outages or degraded performance, affecting the availability of crucial services and applications within an organization.

Affected Version(s)

SAP NetWeaver (Visual Composer development server) VCFRAMEWORK 7.50

News Articles

SAP Fixes Critical Vulnerability After Evidence of Exploitation

A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors

20 hours ago

SAP fixes suspected Netweaver zero-day exploited in attacks

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.

1 day ago

CVSS 10 SAP NetWeaver bug is under active attack

SAP NetWeaver customers are coming under widespread attack, as threat actors exploit a maximum criticality CVSS 10 vulnerability that has now been allocated CVE-2025-31324. The vulnerability, which affects the platform’s visual composer, lets a remote and unauthenticated attacker upload malicious ...

1 day ago

References

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved
