CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2025-31324

CVSS 10.0v3.1pub. 2025-04-24upd. 2025-10-31

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

🤖 AI Analysis
How it works

The Visual Composer Metadata Uploader component in SAP NetWeaver does not require authentication or verify permissions before accepting uploaded files. An attacker can transmit a potentially malicious executable file directly to the host server over the network (without the need to have an account or user interaction). The lack of authorization controls (CWE-434 — unrestricted upload of file with dangerous type) allows the uploaded file to be executed in the context of the server's operating system.

Impact

An attacker can gain complete control over the server — obtain full access to data (confidentiality), modify or destroy system resources (integrity), and cause its unavailability (availability). Successful exploitation of the vulnerability can lead to a serious breach of the organization's infrastructure.

Mitigation & patch

Patches available from the vendor must be applied immediately in accordance with SAP Security Note 3594142 (https://me.sap.com/notes/3594142) and SAP Security Patch Day guidelines. Due to active exploitation in production environments, the update should be deployed as a priority; until the patch is installed, consider restricting network access to the Visual Composer component.

Who is affected

SAP NetWeaver with the Visual Composer Metadata Uploader component — specific versions indicated in the vendor references (SAP Security Note 3594142)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Sap Netweaver

    APP
    Sap
    7.50

CISA KEV — detailsi

Vendori
SAP
Producti
NetWeaver
Added to KEVi
April 29, 2025
Remediation deadline (US Federal)i
May 20, 2025(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 20 maja 2025
CWE
References

Related vulnerabilities

CVE-2025-42999CRITICAL9.1⚠ KEVPL ✓ten sam produkt

SAP NetWeaver Visual Composer — niebezpieczna deserializacja treści

CVE-2021-38163CRITICAL9.9⚠ KEVten sam produkt

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker aut...

CVE-2023-36922CRITICAL9.1ten sam produkt

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an ...

CVE-2020-6203CRITICAL9.1ten sam produkt

SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an a...

CVE-2011-1517CRITICAL9.8ten sam produkt

SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() ...