PULSE
EN VIVO41señales / 24h
FEED
ransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Found
← Todos los CVEs
CVE Watch

CVE-2025-31324

SAP NetWeaver Unrestricted File Upload Vulnerability

CVSS

Sin CVSS

EPSS

99.4%

p100

KEV

29 abr 2025

Exploit Today

80

0-100

Publicado: · Última mod.:

EPSS · 30d
99.4%EPSS · 30 días99.4%
2026-06-302026-07-16
Ficha del catálogo KEV

Producto

SAP / NetWeaver

Vulnerabilidad

SAP NetWeaver Unrestricted File Upload Vulnerability

Añadido a KEV

29 abr 2025

Remediar antes de

20 may 2025

Uso conocido en ransomware

Descripción resumida

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

Acción requerida

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notas

https://me.sap.com/notes/3594142 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31324

CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2020-6287
99.8%
KEV80SAP NetWeaver Missing Authentication for Critical Function Vulnerability
CVE-2017-12637
99.8%
KEV80SAP NetWeaver Directory Traversal Vulnerability
CVE-2016-2386
99.3%
KEV80SAP NetWeaver SQL Injection Vulnerability
CVE-2016-2388
98.8%
KEV80SAP NetWeaver Information Disclosure Vulnerability
CVE-2016-3976
98.7%
KEV80SAP NetWeaver Directory Traversal Vulnerability
CVE-2021-38163
98.3%
KEV79SAP NetWeaver Unrestricted File Upload Vulnerability