SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

Recently, SAP NetWeaver users have been strongly advised to apply a critical patch to defend against an actively exploited zero-day vulnerability affecting the Visual Composer component of their application server. The vulnerability allows unrestricted file uploads, which poses a significant threat because an uploaded malicious web shell could lead to full server compromise.

Key Points

  • A critical zero-day vulnerability (CVE-2025-31324) has been identified within SAP NetWeaver’s Visual Composer.
  • The vulnerability has a maximum severity score of 10 on the CVSS scale.
  • Attackers are exploiting this flaw to deploy JSP web shells for remote code execution.
  • SAP has released an urgent patch that should be applied to all affected systems, especially those exposed to the internet.
  • Users are advised to restrict access to the vulnerable component until the patch is applied.

Why should I read this?

If you’re using SAP NetWeaver, you really need to pay attention to this article! We’re talking about a severe vulnerability that’s actively being exploited right now. The potential for system compromise is massive. By reading this, you’ll grasp why it’s crucial to apply this patch immediately—better safe than sorry when it comes to your organisation’s security!

Source: CSO Online