Cybercriminals are exploiting a critical SAP NetWeaver vulnerability (CVE-2025-31324) to upload malicious files remotely, leading to potential system compromise. Ransomware groups such as RansomEXX and BianLian, along with Chinese APTs, are actively targeting unpatched servers worldwide.
Affected: SAP NetWeaver systems, critical infrastructure, federal agencies
Key points
- Threat actors are exploiting an unpatched SAP NetWeaver vulnerability for remote code execution.
- Ransomware groups like RansomEXX and BianLian have joined the ongoing attacks targeting this flaw.
- Multiple Chinese threat groups are backdooring SAP systems, including critical infrastructure worldwide.
- SAP released emergency patches on April 24 to fix the critical CVE-2025-31324 flaw and another zero-day.
- Organizations are advised to patch their systems, restrict access, and monitor for suspicious activities to prevent breaches.
Read More: https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-ongoing-sap-netweaver-attacks/