The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog.
The flaw, tracked as CVE-2025-31324, allows unauthenticated attackers to upload malicious files to the system and potentially compromise SAP environments.
The vulnerability was discovered by researchers from ReliaQuest, who reported it to SAP; the company subsequently released a patch.
CISA has ordered federal agencies to fix the vulnerability by May 20, 2025.