SAP disclosed a critical zero-day vulnerability, identified as CVE-2025-31324, in its NetWeaver Visual Composer component. This vulnerability, with a maximum CVSSv3 severity score of 10.0, stems from a missing authorization check within the Metadata Uploader module of Visual Composer. When exploited, it allows unauthenticated attackers to upload arbitrary malicious files via specially crafted POST requests to […]

The post SAP NetWeaver 0-Day Flaw Actively Exploited to Deploy Webshells appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Source: gbHackers
Source Link: https://gbhackers.com/sap-netweaver-0-day-flaw/