Summary
Vulnerability Name | SAP NetWeaver Remote Code Execution (CVE-2025-31324) |
Released on | April 28, 2025 |
Affected Component | SAP NetWeaver |
Affected Version | SAP NetWeaver and SAP NetWeaver Visual Composer |
Vulnerability Type | Remote code execution |
Exploitation Condition | |
Impact | Exploitation difficulty: easy. Severity: critical. This vulnerability may result in remote code execution. |
Official Solution | Available |
About the Vulnerability
Component Introduction
SAP NetWeaver is an integrated application platform developed based on professional standards, which can significantly simplify system integration.
Vulnerability Description
On April 28, 2025, Sangfor FarSight Labs received notification of a remote code execution vulnerability in SAP NetWeaver (CVE-2025-31324), rated critical.
Specifically, there is a critical code execution vulnerability in the /developmentserver/metadatauploader endpoint of SAP NetWeaver Visual Composer. Unauthorized attackers can exploit this vulnerability to upload malicious files, leading to server compromise.
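A defender's check for the endpoint named above, as an added example that is not part of the original advisory or of any Sangfor or SAP tooling: it scans web access logs for requests to /developmentserver/metadatauploader and lists the sources whose POST was answered with a 2xx status. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration; adapt the regex to your server or reverse proxy.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

ENDPOINT = "/developmentserver/metadatauploader"  # endpoint named in the advisory
# Assumed log layout: Common/Combined Log Format. Adjust for your server.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize_path(target: str) -> str:
    """Drop the query string, decode percent-encoding twice (covers double
    encoding), collapse repeated slashes, lower-case (deliberate over-match)."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return re.sub(r"/{2,}", "/", path).lower()

def find_uploader_hits(lines):
    """Return {source: [(timestamp, method, status), ...]} for every request
    whose normalized path starts with the uploader endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        if normalize_path(m["target"]).startswith(ENDPOINT):
            hits[m["src"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def needs_triage(hits):
    """Sources with a POST answered 2xx, i.e. a request the server accepted."""
    return sorted(
        src for src, reqs in hits.items()
        if any(meth == "POST" and 200 <= st < 300 for _, meth, st in reqs)
    )

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [29/Apr/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Apr/2025:10:02:11 +0000] "POST /developmentserver/metadatauploader?k=v HTTP/1.1" 200 12',
    '203.0.113.9 - - [29/Apr/2025:10:02:15 +0000] "HEAD /developmentserver/metadatauploader HTTP/1.1" 405 0',
    '192.0.2.44 - - [29/Apr/2025:10:05:40 +0000] "POST /DevelopmentServer//metadata%75ploader HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    found = find_uploader_hits(SAMPLE)
    print(found, "triage first:", needs_triage(found))
```

On a system that does not use Visual Composer's development server, any hit on this path is worth reviewing, and sources returned by needs_triage come first.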
Affected Versions
The following SAP NetWeaver versions are affected:
SAP NetWeaver and SAP NetWeaver Visual Composer
Solutions
Remediation Solutions
Official Solution
Security patches have been officially released to fix the vulnerability. Affected users are advised to download and install the corresponding patches at the earliest opportunity.
Download link: https://me.sap.com/notes/3594142
Sangfor Solutions
Risky Asset Discovery
The following Sangfor products can proactively detect SAP NetWeaver instances and discover affected assets in bulk across business environments:
- Sangfor Host Security: Fingerprint ID 0004755
- Sangfor TSS: Fingerprint ID 0004755
Vulnerability Detection
The following Sangfor products can proactively detect CVE-2025-31324 and quickly identify vulnerability risks:
- Sangfor Host Security: Rule ID SF-2025-00480 (May 6, 2025)
- Sangfor TSS: Rule ID SF-2025-00989 (May 12, 2025)
- Sangfor Cyber Guardian Platform: Rule ID SF-2025-00989 (May 12, 2025)
- Sangfor XDR: Rule ID SF-2025-00480 (May 6, 2025)
Vulnerability Monitoring
These products support real-time monitoring:
- Cyber Command: Rule ID 11027497 (May 11, 2025)
- Sangfor Cyber Guardian Platform: Rule ID 11027497 (May 11, 2025)
- Sangfor XDR: Rule ID 11027497 (May 11, 2025)
Vulnerability Prevention
The following Sangfor products can effectively block CVE-2025-31324 exploits:
- Network Secure: Rule ID 11027497 (May 11, 2025)
- Sangfor Web Application Firewall: Rule ID 11027497 (May 11, 2025)
- Sangfor Cyber Guardian Platform: Rule ID 11027497 (May 11, 2025)
- Sangfor XDR: Rule ID 11027497 (May 11, 2025)
Timeline
April 28, 2025: Notification and alert from Sangfor FarSight Labs regarding CVE-2025-31324.
Learn More
Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers and offering actionable solutions. The labs collaborate with security vendors and the global security community to provide fast, reliable protection.