A new exploit leveraging two critical vulnerabilities in SAP NetWeaver has been used in active attacks, leading to potential system compromises and data theft. Threat actors, including ransomware groups and espionage crews, are weaponizing these flaws before they could be fully patched. #SAPNetWeaver #CVE202531324 #CVE202542999 #Onapsis
Keypoints
- An exploit chains CVE-2025-31324 and CVE-2025-42999 to bypass authentication and execute remote code on SAP NetWeaver.
- The vulnerabilities were patched by SAP in April and May 2025 but were exploited as zero-days since March.
- Multiple threat groups, including ransomware and espionage actors, have weaponized the flaws for attacks on critical infrastructure.
- The exploit can deploy web shells and conduct living-off-the-land attacks using privileged commands without leaving additional artifacts.
- SAP users are urged to apply updates immediately, restrict internet access, and monitor for signs of compromise.
Read More: https://thehackernews.com/2025/08/public-exploit-for-chained-sap-flaws.html