Attackers have been exploiting a important zero-day vulnerability within the Visible Composer part of the SAP NetWeaver software server since early this week. SAP launched an out-of-band repair that’s accessible by way of its assist portal and it must be utilized instantly, particularly on techniques which can be straight uncovered to the web.
“Unauthenticated attackers can abuse built-in performance to add arbitrary information to an SAP NetWeaver occasion, which implies full distant code execution and complete system compromise,” Benjamin Harris, CEO of cybersecurity agency WatchTowr, informed CSO. “This isn’t a theoretical menace — it’s taking place proper now. WatchTowr is seeing energetic exploitation by menace actors, who’re utilizing this vulnerability to drop net shell backdoors onto uncovered techniques and achieve additional entry.”
The vulnerability, tracked as CVE-2025-31324, acquired the utmost severity rating of 10 on the CVSS scale. Prospects ought to apply the repair in SAP Safety Notice 3594142 (requires authentication), but when they’ll’t instantly they need to disable or forestall entry to the weak part by following directions in SAP notice 3596125, researchers from SAP-focused security agency Onapsis mentioned in an advisory.
