Attackers have been exploiting a critical zero-day vulnerability in the Visual Composer component of the SAP NetWeaver application server since early this week. SAP has released an out-of-band patch through its support portal; it should be applied immediately, especially on systems that are directly exposed to the internet.
“Unauthenticated attackers can abuse built-in functionality to upload arbitrary files to an SAP NetWeaver instance, which means full remote code execution and total system compromise,” Benjamin Harris, CEO of cybersecurity firm WatchTowr, told CSO. “This isn’t a theoretical threat — it’s happening right now. WatchTowr is seeing active exploitation by threat actors, who are using this vulnerability to drop web shell backdoors onto exposed systems and gain further access.”
The vulnerability, tracked as CVE-2025-31324, received the maximum severity score of 10 on the CVSS scale. Customers should apply the fix in SAP Security Note 3594142 (requires authentication); if they cannot do so immediately, they should disable or block access to the vulnerable component by following the instructions in SAP Note 3596125, researchers from SAP-focused security firm Onapsis said in an advisory.