- SAP disclosed a 10/10-severity flaw in NetWeaver Visual Composer
- The flaw allows threat actors to upload malware
- Researchers claim that up to 1,200 instances are vulnerable
More than 1,200 SAP instances are at risk of being hijacked, researchers say, after a critical vulnerability was found being exploited in the wild. Earlier this week, SAP said it had found an unauthenticated file upload vulnerability in the NetWeaver Visual Composer Metadata Uploader component.
Visual Composer is a development tool that lets users build web-based business applications without writing code. It is mainly used to create dashboards, forms and interactive reports. The Metadata Uploader, in turn, is a tool for importing external data models (metadata) into the Visual Composer design environment, which lets developers connect to remote data sources (web services, databases or other SAP systems).
The vulnerability is now tracked as CVE-2025-31324. It carries the maximum severity score (10/10) and stems from the uploader not being protected by proper authorization, which allows unauthenticated actors to upload malicious executable files.
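As an added illustration of the bug class described above (this is constructed example code, not SAP's code, and it does not reproduce the real Visual Composer endpoint), the block below places an upload handler that never checks who is calling next to a hardened version that requires an authenticated session and validates the file before storing it. The paths, the `UploadRequest` fields and the extension allowlist are assumptions.

```python
"""Constructed example: a file-upload handler with the missing-authorization
flaw next to a hardened version.  Not SAP's code; endpoint paths, field names
and extension lists are assumptions made for the illustration."""
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Optional, Tuple

# Assumed allowlist: the metadata model formats the uploader legitimately imports.
ALLOWED_EXTENSIONS = {".xml", ".json"}
# Extensions that would execute if written under a web root (constructed list).
EXECUTABLE_EXTENSIONS = {".jsp", ".jspx", ".war", ".class", ".exe", ".sh"}


@dataclass
class UploadRequest:
    """Constructed stand-in for an HTTP multipart file upload."""
    filename: str
    content: bytes
    session_user: Optional[str] = None  # None means no authenticated session
    content_type: str = "application/octet-stream"


def vulnerable_handle_upload(req: UploadRequest) -> Tuple[int, str]:
    """The flawed pattern: no authorization check, filename trusted as given,
    any content written to disk.  An anonymous caller can store a webshell."""
    # Nothing here ever looks at req.session_user.
    dest = PurePosixPath("/srv/app/uploads") / req.filename
    return 200, f"stored {dest}"


def _looks_like_metadata(content: bytes, ext: str) -> bool:
    """Cheap content sniff so the body must match the declared extension."""
    head = content.lstrip()[:1]
    if ext == ".xml":
        return head == b"<"
    if ext == ".json":
        return head in (b"{", b"[")
    return False


def hardened_handle_upload(req: UploadRequest) -> Tuple[int, str]:
    """Require an authenticated user first, then validate name, type and
    content, and store outside any directory the web server will execute."""
    if req.session_user is None:
        return 401, "authentication required"
    name = PurePosixPath(req.filename).name  # drop any directory components
    ext = PurePosixPath(name).suffix.lower()
    if ext in EXECUTABLE_EXTENSIONS or ext not in ALLOWED_EXTENSIONS:
        return 415, f"file type {ext or '(none)'} not permitted"
    if not _looks_like_metadata(req.content, ext):
        return 400, "content does not match declared type"
    dest = PurePosixPath("/srv/app/metadata") / name  # assumed non-web-root path
    return 200, f"stored {dest}"


if __name__ == "__main__":
    anon_shell = UploadRequest("shell.jsp", b"<% Runtime %>")
    print("vulnerable:", vulnerable_handle_upload(anon_shell))
    print("hardened  :", hardened_handle_upload(anon_shell))
    model = UploadRequest("model.xml", b"<model/>", session_user="dev1")
    print("hardened  :", hardened_handle_upload(model))
```

The order of the checks in the hardened handler is the point: the authentication check comes before any parsing, so an unauthenticated request is rejected without the server ever touching the uploaded bytes, and the allowlist plus a non-executable destination directory mean that even an authenticated user cannot turn the uploader into a way of planting executable content.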
Fortune 500 at risk
When it discovered the flaw, SAP first released a workaround and then, at the end of April, a patch.
Users are now advised to apply it as soon as possible, since multiple cybersecurity firms have confirmed that the flaw is being exploited in the wild. According to BleepingComputer, ReliaQuest, watchTowr and Onapsis are just some of the companies that observed the flaw being exploited in attacks in which threat actors dropped webshells onto vulnerable servers.
SAP, however, told BleepingComputer that it is not aware of any attacks affecting customer data or systems.
The jury is still out on how many organizations are actually vulnerable. While the Shadowserver Foundation says 427 servers are exposed on the internet, Onyphe counts 1,284 instances, 474 of which are already compromised.
“Something like 20 Fortune 500/Global 500 companies are vulnerable, and many of them are compromised,” Onyphe CTO Patrice Auffret told BleepingComputer.
Via BleepingComputer