CVE-2025-31324
SAP NetWeaver Unrestricted File Upload Vulnerability
CVSS
—
No CVSS
EPSS
99.4%
p100
KEV
YES
Apr 29, 2025
Exploit Today
80
0-100
Published: — · Last modified: —
Product
SAP / NetWeaver
Vulnerability
SAP NetWeaver Unrestricted File Upload Vulnerability
Added to KEV
Apr 29, 2025
Remediate by
May 20, 2025
Known ransomware use
Yes
Summary description
SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://me.sap.com/notes/3594142 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31324