CVE-2025-31324 - Geek Feed

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware

August 1, 2025August 1, 2025 geekfeed0Tagged Actively Exploited, Auto-Color, CVE-2025-31324, Evasion, Initial Access, linux, malware, SAP, vulnerability

Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. Cybersecurity firm Darktrace discovered the attack during an incident response in April 2025, where an investigation revealed that the Auto-Color malware had evolved to include additional advanced evasion tactics. Darktrace reports […]

3 mins read

Ransomware gangs join ongoing SAP NetWeaver attacks

May 19, 2025May 19, 2025 geekfeed0Tagged Actively Exploited, BianLian, CVE-2025-31324, NetWeaver, RansomEXX, ransomware, SAP, vulnerability

Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. SAP released emergency patches on April 24 to address this NetWeaver Visual Composer unauthenticated file upload security flaw (CVE-2025-31324), days after it was first tagged by cybersecurity company ReliaQuest as targeted in the […]

3 mins read

SAP patches second zero-day flaw exploited in recent attacks

May 18, 2025May 18, 2025 geekfeed0Tagged Actively Exploited, CVE-2025-31324, CVE-2025-42999, NetWeaver, SAP, vulnerability, Zero-Day

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. The company issued security updates for this security flaw (CVE-2025-42999) on Monday, May 12, saying it was discovered while investigating zero-day attacks involving another unauthenticated file upload flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer […]

3 mins read

Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw

April 29, 2025April 29, 2025 geekfeed0Tagged Actively Exploited, Authentication Bypass, CVE-2025-31324, Exposed, NetWeaver, rce, Remote Code Execution, SAP, scanner tool for CVE-2025-31324

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. SAP NetWeaver is an application server and development platform that runs and connects SAP and non-SAP applications across different technologies. Last week, SAP disclosed an unauthenticated file upload vulnerability, tracked as CVE-2025-31324, […]

2 mins read

SAP fixes suspected Netweaver zero-day exploited in attacks

April 27, 2025April 27, 2025 geekfeed0Tagged 0day, Actively Exploited, Authentication Bypass, CVE-2025-31324, rce, Remote Code Execution, SAP, vulnerability, Zero-Day

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE-2025-31324 and rated critical (CVSS v3 score: 10.0), is an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer, specifically the Metadata Uploader component. It allows attackers to upload malicious executable […]

3 mins read