🆔 CVE-2025-31324
💣 CVSS Score: 10.0 (Critical)
📅 Published: April 24, 2025
🔹 Summary
A critical vulnerability has been discovered in SAP NetWeaver Visual Composer, specifically within the Metadata Uploader component. The flaw stems from missing authorization checks, which could allow unauthenticated remote attackers to upload and execute malicious binaries.
If exploited, this issue could lead to a full compromise of affected systems, impacting confidentiality, integrity, and availability.
🔸 Affected Product
- SAP NetWeaver Visual Composer
- Component: Metadata Uploader
- Weakness: CWE-434 – Unrestricted Upload of File with Dangerous Type
⚙️ Technical Details
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
🛡️ Recommended Actions
- Apply the latest patch provided by SAP immediately.
- Restrict access to the Metadata Uploader component until patches can be applied.
- Review external exposure of SAP components and ensure only authenticated users have upload permissions.
%20Allows%20Remote%20Code%20Execution%20via%20File%20Upload%20Flaw){kind=link}