ZTalent |
Home
Search
Offers Professionals Companies
Community
News I'm a company I'm an SAP professional
Create account
Back to home

Critical Breach in SAP

08 May 2025

In an environment where digital security is key to business operations, SAP faces a critical situation following the discovery of a severe vulnerability in one of its most widely used components. The flaw, identified as CVE-2025-31324, affects SAP NetWeaver Visual Composer Metadata Uploader and has been actively exploited since March 2025, compromising several organizations.

Critical Vulnerability Allows Unauthorized Access

Discovered by the security firm Onapsis in January 2025, this vulnerability was subject to malicious scanning before the first attacks were confirmed. Both the Dutch National Cyber Security Centre (NCSC) and SAP recommended the immediate installation of an emergency patch.

On April 29, the U.S. CISA added this threat to its list of actively exploited vulnerabilities. Attackers can gain persistent access to the system without authentication, allowing them to:

  • Install webshells to execute commands and maintain control over the system.
  • Steal sensitive data such as credentials, financial information, and customer records.
  • Use compromised systems to launch further attacks or distribute malware.
  • Sell access on the dark web, increasing the risk of ransomware and extortion.

Other Critical Vulnerabilities in SAP

SAP NetWeaver Visual Composer

  • Severity: Critical (CVSS 10.0)
  • Impact: Allows remote execution of malicious files without authentication.
  • Mitigation: Immediate application of patches and official SAP guidance.

SAP S/4HANA and SAP Landscape Transformation

  • Types: Code injection and authentication bypass
  • CVE Codes: CVE-2025-27429, CVE-2025-31330, CVE-2025-30016
  • Recommendation: Install the published security patches.

SAP Security Patch Day – April 2025

  • Summary: 20 vulnerabilities addressed, 3 of them critical
  • Recommended Action: Visit the SAP support portal and apply the corresponding updates.

The security breaches detected in April 2025 highlight the urgent need to keep SAP systems updated. Immediate action is recommended, including the application of available patches and adherence to cybersecurity best practices to reduce risks and protect digital assets.
Customers are advised to visit the SAP support portal and apply the security patches to mitigate risks.

Comments