SAP NetWeaver Under Siege: Cyber Boogeymen Exploit Zero-Day Bug in Second Wave

Cyber villains are back at it again, targeting the SAP NetWeaver bug CVE-2025-31324. This sequel of attacks makes use of webshells left behind via the zero-day vulnerability. Researchers have released tools to detect these crafty intrusions, but it seems the bad guys are enjoying their extended stay. Patch those vulnerabilities before the cyber circus comes to town!

Hot Take:

Looks like the hackers are back for round two, and they brought their webshells to the SAP NetWeaver party! Who knew the most popular club in town would be named CVE-2025-31324? SAP better hire some bouncers fast, before their systems get more crowded than a Black Friday sale!

Key Points:

  • SAP NetWeaver hit by a second wave of attacks exploiting zero-day vulnerability CVE-2025-31324.
  • ReliaQuest found the flaw in the SAP NetWeaver Visual Composer Metadata Uploader.
  • Attackers used malicious JSP webshells for remote command execution.
  • Onapsis and Mandiant released an open-source scanner to detect exploitation attempts.
  • CISA demands federal agencies patch the vulnerability by May 20, 2025.

The Nimble Nerd