Código HTML do Conteúdo

Post: Public Exploit Released for Critical SAP NetWeaver Flaw - Against Invaders - Notícias de CyberSecurity para humanos.

<div data-edit-folder-name="text" data-index="0" data-layout-id="2" id="layout-a67bde88-7019-4324-a084-f12bc13f1b5b"> <p>A critical vulnerability in SAP NetWeaver AS Java Visual Composer, tracked as CVE-2025-31324, is now being widely exploited following the release of public exploit tooling.</p> <p>The flaw, <a href="https://www.infosecurity-magazine.com/news/sap-fixes-critical-vulnerability/" target="_blank">patched in April 2025</a>, allows unauthenticated remote code execution via the platform&rsquo;s metadata uploader endpoint.</p> <p>What&rsquo;s new is the public availability of the full source code, which makes the exploit easy to use even for attackers with little technical expertise.</p> <p>&ldquo;With the source code now widely available, even script kiddies can leverage it,&rdquo;said Jonathan Stross, SAP Security Analyst at Pathlock.</p> <p>&ldquo;The exploit is simple to execute &ndash; requiring only minutes to get running &ndash; and with AI tools like GPT, even inexperienced hackers could cause critical damage to organizations that remain unpatched.&rdquo;</p> <h2>Active Exploitation Confirmed</h2> <p>The US Cybersecurity &amp; Infrastructure Security Agency (CISA) has recently added CVE-2025-31324 to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its severity.</p> <p>In fact, the flaw has been given a CVSS score of 10.0 by SAP&rsquo;s CNA and 9.8 by NVD, marking it as a top-priority threat.</p> <p>&ldquo;This new report from the Pathlock research team is a critical read for anyone in corporate cybersecurity,&rdquo;said Frankie Sclafani, director of cybersecurity enablement at Deepwatch.</p> <p>&ldquo;It highlights how a vulnerability in SAP&rsquo;s NetWeaver Java Visual Composer, originally patched in April, is now being widely exploited.&rdquo;</p> <p><a href="https://www.infosecurity-magazine.com/news/sap-netweaver-vulnerability/" target="_blank"><em>Read more on SAP cybersecurity threats: SAP NetWeaver Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers</em></a></p> <p>Sclafani added: &ldquo;This isn&rsquo;t just a hypothetical risk;CISA has already added this vulnerability [&hellip;] to its [KEV] catalog. This confirms that real-world attacks are happening [&hellip;] The bottom line is, if you&rsquo;re running this software and you haven&rsquo;t patched, you&rsquo;re at serious risk.&rdquo;</p> <p>Pathlock also highlighted a related flaw, CVE-2025-42999, involving insecure deserialization, which has been chained with the uploader bug in attacks.</p> <p>SAP addressed both issues in Security Notes 3594142 and 3604119.</p> <h2>Recommendations for Organizations</h2> <p>To reduce risk, Pathlock advises immediate action:</p> <ul> <li> <p>Apply SAP Security Notes 3594142 and 3604119 across all Java instances</p> </li> <li> <p>Block or restrict access to the vulnerable /developmentserver/metadatauploader endpoint</p> </li> <li> <p>Hunt for signs of compromise using HTTP logs, servlet checks and SIEM alerts</p> </li> <li> <p>If compromised, isolate affected nodes, preserve evidence, rotate credentials and rebuild from a clean baseline</p> </li> </ul> <p>&ldquo;NetWeaver is the web application where these products are hosted,&rdquo;said Nivedita Murthy, senior staff consultant at Black Duck.</p> <p>&ldquo;This vulnerability is critical as it would allow attackers to laterally access other services without authentication and perform higher-level attacks.&rdquo;</p> </div>