DEV Community

Cover image for CVE-2025-31324: SAP NetWeaver Unrestricted File Upload Vulnerability
Freedom Coder
Freedom Coder

Posted on • Edited on • Originally published at scyscan.com

CVE-2025-31324: SAP NetWeaver Unrestricted File Upload Vulnerability

#sap #netweaver #cybersecurity #vulnerability

CVE ID

CVE-2025-31324

Vulnerability Name

SAP NetWeaver Unrestricted File Upload Vulnerability

  • Project: SAP
  • Product: NetWeaver

Date

  • Date Added: 2025-04-29
  • Due Date: 2025-05-20

Description

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://me.sap.com/notes/3594142 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31324

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)