vulnerability

SAP NetWeaver: CVE-2025-31324: Unrestricted Upload of File with Dangerous Type

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Apr 24, 2025	Apr 28, 2025	May 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Apr 24, 2025

Added

Apr 28, 2025

Modified

May 5, 2025

Description

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Solution

sap-netweaver-cve-2025-31324

References

CVE-2025-31324
https://attackerkb.com/topics/CVE-2025-31324
URL-https://me.sap.com/notes/3594142
URL-https://url.sap/sapsecuritypatchday

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today