【Vulnerability Warning】SAP Patches Critical Security Flaw in NetWeaver Application Server (CVE-2025-31324)

• Summary: 【Vulnerability Warning】SAP Patches Critical Security Flaw in NetWeaver Application Server (CVE-2025-31324)
• Details:
  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERTCC-200-202505-00000001).
  • SAP has issued a critical security advisory for its NetWeaver Application Server (CVE-2025-31324, CVSS: 10.0). The vulnerability stems from an unauthorized file upload mechanism in the Visual Composer Metadata Uploader component, allowing unauthenticated remote attackers to upload arbitrary files and execute malicious code.
• Affected Platform:
  • SAP NetWeaver VCFRAMEWORK version 7.50
• Recommended Action:
  • Please visit the official website to apply the patch: https://supportsap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html
• Reference:
  • https://www.twcert.org.tw/tw/cp-169-10093-9eb4f-1.html

Network System Division
Computer and Communication Center9