SAPocalypse Now: Second Wave of Zero-Day Attacks Hits NetWeaver!

Threat actors have launched a second wave of attacks against SAP NetWeaver instances compromised through the zero-day vulnerability CVE-2025-31324. The flaw, rated a perfect 10 on the CVSS scale, was disclosed in April 2025. Despite patches, opportunistic hackers are back for round two, proving once again that zero-days are the ultimate party crashers.

Hot Take:

Who let the bugs out? SAP’s NetWeaver is apparently the latest playground for cyber bandits, with threat actors coming back for an encore performance. We thought zero-days were a one-time gig, but it looks like they’re headlining again with a vulnerability so serious it scored a perfect 10! Time to patch those instances, because it seems like the hackers are here for a long-term residency.

Key Points:

– CVE-2025-31324, a zero-day vulnerability in SAP NetWeaver, has a CVSS score of 10/10.
– Threat actors are exploiting this flaw to upload malicious files and deploy JSP webshells.
– A second wave of attacks is leveraging pre-existing webshells from the initial assault.
– Onapsis and Mandiant have released an open-source scanner to detect indicators of compromise.
– Over 200 NetWeaver instances remain vulnerable, with CISA urging patches by May 20.
