EXECUTIVE SUMMARY:
A critical zero-day vulnerability, identified as CVE-2025-31324, has been discovered in SAP NetWeaver's Visual Composer Metadata Uploader component. This flaw allows unauthenticated attackers to upload malicious files, such as JSP webshells, to affected systems, potentially leading to full system compromise. Security researchers have observed active exploitation of this vulnerability in the wild, with attackers employing advanced tools like Brute Ratel C4 and evasion techniques such as Heaven’s Gate to bypass security measures.
RECOMMENDATION:
We recommend you refer below mentioned link to apply patches:
https://me.sap.com/notes/3594142
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/sap-netweaver-devices-vulnerable-to-0-day/