Summary: A critical unauthenticated file upload vulnerability (CVE-2025-31324) affecting over 1,200 internet-exposed SAP NetWeaver instances has been actively exploited, allowing attackers to execute arbitrary code and take over servers. Multiple cybersecurity firms have confirmed ongoing attacks and identified a significant number of compromised instances. SAP has released workarounds and security updates to mitigate the vulnerability and advises immediate action to reduce risk.
Affected: SAP NetWeaver Platforms
Key points:
- Over 1,200 SAP NetWeaver instances are publicly exposed and vulnerable to exploitation.
- The vulnerability allows unauthorized file uploads that can lead to complete server compromise.
- Firms including Onyphe report that many affected servers belong to high-profile Fortune 500 companies.
- Recommended mitigations include applying the latest security updates and restricting access to vulnerable endpoints.
- Security tools are available to help identify at-risk systems within large environments.
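The unauthenticated upload pattern described above leaves a recognisable trace in the web server's access log: a POST to the upload endpoint with no authenticated user, followed by a 2xx response. The script below, added here as an illustration and not taken from SAP or from any of the firms cited, runs that detection over a few constructed log lines in the common/combined format and separates uploads that succeeded from ones the server blocked. The endpoint path is a labelled placeholder; the real path must be taken from SAP's advisory for this CVE. Client addresses come from documentation ranges.

```python
"""Flag unauthenticated POSTs to a file-upload endpoint in web access logs."""
import re
from collections import Counter
from typing import Optional

# Assumption: placeholder path for the vulnerable upload endpoint. Replace it with
# the endpoint named in SAP's security note for CVE-2025-31324 before real use.
UPLOAD_ENDPOINT = "/PLACEHOLDER/metadata-upload"

# Common/combined log format: client ident user [timestamp] "METHOD target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (not real traffic); 198.51.100.0/24 and 203.0.113.0/24
# are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - jdoe [25/Apr/2025:09:12:01 +0000] "GET /irj/portal HTTP/1.1" 200 5120
203.0.113.10 - - [25/Apr/2025:09:13:44 +0000] "POST /PLACEHOLDER/metadata-upload HTTP/1.1" 200 312
203.0.113.22 - - [25/Apr/2025:09:20:10 +0000] "POST /PLACEHOLDER/metadata-upload HTTP/1.1" 403 0
198.51.100.7 - jdoe [25/Apr/2025:09:21:00 +0000] "POST /PLACEHOLDER/metadata-upload HTTP/1.1" 200 312
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Compare on the path only, so query strings cannot hide the endpoint.
    entry["path"] = entry["target"].split("?", 1)[0]
    entry["status"] = int(entry["status"])
    return entry


def classify(entry: dict) -> Optional[str]:
    """Return 'succeeded' or 'blocked' for an unauthenticated POST to the upload
    endpoint, or None for any other request."""
    if entry["method"] != "POST" or entry["path"] != UPLOAD_ENDPOINT:
        return None
    if entry["user"] != "-":
        # An authenticated session: not the unauthenticated pattern this CVE describes.
        return None
    return "succeeded" if 200 <= entry["status"] < 300 else "blocked"


def find_unauthenticated_uploads(lines) -> list:
    """Collect every unauthenticated upload attempt, with its outcome, in log order."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        outcome = classify(entry)
        if outcome is not None:
            findings.append({
                "client": entry["client"],
                "ts": entry["ts"],
                "status": entry["status"],
                "outcome": outcome,
            })
    return findings


def clients_with_successful_uploads(findings) -> Counter:
    """Count successful unauthenticated uploads per source address; these hosts
    should be treated as candidates for compromise, not merely as scanners."""
    return Counter(f["client"] for f in findings if f["outcome"] == "succeeded")


if __name__ == "__main__":
    results = find_unauthenticated_uploads(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"{f['ts']} {f['client']} status={f['status']} {f['outcome']}")
    print("successful uploads by client:", dict(clients_with_successful_uploads(results)))
```

A successful hit means the host was reachable without credentials and accepted a file, so the server itself, not just the log, needs to be examined; a blocked attempt is still worth recording, because it shows which sources are probing for the endpoint while the restrictions on it hold.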