{"id":1499,"date":"2025-04-28T14:14:30","date_gmt":"2025-04-28T21:14:30","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=1499"},"modified":"2025-05-20T07:15:47","modified_gmt":"2025-05-20T14:15:47","slug":"emerging-threat-sap-netweaver-visual-composer-cve-2025-31324","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/emerging-threat-sap-netweaver-visual-composer-cve-2025-31324\/","title":{"rendered":"Emerging Threat: SAP NetWeaver Visual Composer CVE-2025-31324"},"content":{"rendered":"\n
Update May 19th 2025<\/span><\/h6>

On May 13th, a new vulnerability, CVE-2025-42999, was published. While this vulnerability requires privileged access to exploit, it takes advantage of the same core vulnerability as CVE-2025-31324. In response, SAP released a new patch for CVE-2025-42999 (available at SAP Security Note 3604119 with SAP login) that also fixes the underlying deserialization issue exploited in CVE-2025-31324. <\/p>\n

Applying this patch protects against both vulnerabilities and should be applied even if earlier fixes, like previous mitigation steps suggested for CVE-2025-31324, were implemented in order to eliminate residual risk.<\/p><\/div>\n\n\n\n

What is CVE-2025-31324? <\/h2>\n\n\n\n

On April 24th, 2025, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability (CVSS 10.0) affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. This vulnerability fails to restrict file upload content, allowing unauthenticated remote attackers to achieve full remote code execution (RCE) on affected servers. <\/p>\n\n\n\n

SAP Netweaver is a technology integration platform for enterprise applications. It presents a tempting target for attackers because it\u2019s widely deployed across government agencies, giving successful attackers access to valuable information and access to attractive government networks. SAP solutions are also frequently deployed on-premises, giving users control over when and which security updates are applied. <\/p>\n\n\n\n

What assets are affected by CVE-2025-31324? <\/h2>\n\n\n\n

CVE-2025-31324 affects SAP NetWeaver Visual Composer: VC FRAMEWORK 7.50. <\/p>\n\n\n\n

Are fixes available? <\/h2>\n\n\n\n

A security patch was released by SAP on April 24th, 2025. Customers should apply the patch as soon as possible. However, details on this patch are only available through SAP Note #3594142<\/a>, which can only be viewed by SAP customers.  <\/p>\n\n\n\n

CVE-2025-31324 was identified after SAP\u2019s April 2025 security patch day, so SAP users will need to apply an additional patch to be protected from this vulnerability. <\/p>\n\n\n\n

Are there any other recommended actions to take? <\/h2>\n\n\n\n

If patching is not possible, there are several available mitigation options:<\/p>\n\n\n\n