Fortra is actively researching a vulnerability impacting SAP NetWeaver: CVE-2025-31324 (CVSS 3.1 score: 10).
SAP NetWeaver Visual Composer contains an unauthenticated file upload vulnerability in the /developmentserver/metadatauploader endpoint. A malicious actor could upload JSP-based web shells to the servlet_jsp/irj/root path.
Who is affected?
SAP NetWeaver Visual Composer is affected by CVE-2025-31324.
SAP has restricted access to its advisory, so we are unaware of which platforms are impacted. If you are an SAP customer, see https://me.sap.com/notes/3594142 for more information.
What can I do?
For SAP's solution to this vulnerability and any potential mitigations they may have shared, SAP customers can log in and view the vulnerability note at https://me.sap.com/notes/3594142.
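A log review for the endpoint and upload path described above, as an added example (not Fortra's or SAP's code). It assumes HTTP access logs in NCSA common log format and that files under servlet_jsp/irj/root are served below /irj/; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Endpoint named in the advisory.
UPLOAD_ENDPOINT = "/developmentserver/metadatauploader"
# Assumption: files written under servlet_jsp/irj/root are served below /irj/.
WEB_PREFIX = "/irj/"

# Assumption: NCSA common log format; adapt the pattern to your log layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '198.51.100.7 - - [29/Apr/2025:10:01:02 +0000] "POST /developmentserver/metadatauploader?example=1 HTTP/1.1" 200 120',
    '198.51.100.7 - - [29/Apr/2025:10:01:09 +0000] "GET /irj/example.jsp;jsessionid=abc HTTP/1.1" 200 45',
    '192.0.2.10 - jdoe [29/Apr/2025:10:02:00 +0000] "GET /irj/portal HTTP/1.1" 200 5120',
    '192.0.2.10 - - [29/Apr/2025:10:03:00 +0000] "GET /developmentserver/metadatauploader HTTP/1.1" 404 0',
]

def review(lines):
    """Return (uploads, jsp_hits): log records that deserve a manual look."""
    uploads, jsp_hits = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Drop the query string and any ;path-parameters before comparing.
        path = urlsplit(m["target"]).path.split(";")[0].lower()
        rec = (m["ts"], m["ip"], m["user"], m["method"],
               m["target"], int(m["status"]))
        if m["method"] == "POST" and path.rstrip("/") == UPLOAD_ENDPOINT:
            uploads.append(rec)   # upload attempt against the endpoint
        elif path.startswith(WEB_PREFIX) and path.endswith(".jsp"):
            jsp_hits.append(rec)  # JSP requested from the portal root
    return uploads, jsp_hits

if __name__ == "__main__":
    uploads, jsp_hits = review(SAMPLE)
    for label, records in (("upload", uploads), ("jsp", jsp_hits)):
        for rec in records:
            print(label, *rec)
```

Any JSP request that follows a successful POST from the same source is a reason to inspect the files present under servlet_jsp/irj/root on that host.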
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
FusionVM: Fortra added an unauthenticated network check to the FusionVM scanner on April 29, 2025, for EID=307042.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. We will update this article with new information about this vulnerability and related security coverage as it becomes available.
04/29/2025: Fortra added a network check to FusionVM.