CVE-2025-31324

Confirmed PUBLISHED

Missing Authorization check in SAP NetWeaver (Visual Composer development server)

SAP_SE · SAP NetWeaver (Visual Composer development server)

400 days faster than CISA KEV

Exploited in the wild Used in malware PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
10.0 Critical EPSS 99.4%

At a Glance

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

windows cisa nuclei_scanner malware
CVE Published
Apr 24, 2025
Exploitation Reported
Apr 25, 2025
CVSS
10.0 Critical
EPSS
99.4%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
SAP_SE
SAP NetWeaver (Visual Composer development server)

VCFRAMEWORK 7.50

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.