Threat actors are launching a second wave of attacks on SAP NetWeaver by abusing webshells left over from exploitation of a recent zero-day vulnerability (CVE-2025-31324).
A critical flaw in SAP NetWeaver Visual Composer Metadata Uploader allows unauthenticated attackers to upload malicious executable files, potentially leading to a full compromise of SAP environments.
Researchers from ReliaQuest discovered the vulnerability and reported it to SAP, which released a patch to address the issue.
Onapsis researchers observed a second wave of attacks using the same vulnerability, prompting the release of an open-source scanner to detect exploitation attempts.