<ul><li>SAP has patched a critical-severity zero-day vulnerability, CVE-2025-42999, in NetWeaver server.</li><li>This vulnerability was chained with CVE-2025-31324, fixed in April, and poses a risk to Fortune 500 companies.</li><li>The flaw allows a privileged user to upload content that could compromise confidentiality, integrity, and availability.</li><li>Several firms observed attacks exploiting the vulnerability in which web shells were dropped on vulnerable servers.</li></ul>

SAP patches recently exploited zero-day in wake of NetWeaver server attacks

Discover more