SAP has released out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible.

CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Exploitation has been observed and an emergency out-of-band patch from SAP has been released to address this critical vulnerability. Immediate patching is recommended.

SAP NetWeaver Visual Composer Metadata Uploader is affected by an improper authorization vulnerability allowing an unauthenticated attacker to upload arbitrary files allowing to achieve a Remote Code Execution.

The remote SAP NetWeaver Visual Composer Metadata Uploader enpoint is potentially affected by an improper authorization vulnerability:

  - SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing     unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host     system. This could significantly affect the confidentiality, integrity, and availability of the targeted     system. (CVE-2025-31324)

ID	Name	Product	Family	Severity
114785	SAP NetWeaver Visual Composer Metadata Uploader Arbitrary File Upload	Web App Scanning	Component Vulnerability	critical
234846	SAP NetWeaver Visual Composer Metadata Uploader Improper Authorization (CVE-2025-31324) (Direct Check)	Nessus	CGI abuses	critical

Detections

Analytics

CVE-2025-31324

critical

Tenable Plugins

critical

critical