Intel Name: Threat brief: CVE-2025-31324
Date of Scan: May 13, 2025
Impact: Medium
Summary: On April 24, 2025, SAP disclosed CVE-2025-31324, a critical vulnerability (CVSS 10.0) in SAP NetWeaver’s Visual Composer Framework (version 7.50). This flaw allows unauthenticated attackers to upload arbitrary files via the /developmentserver/metadatauploader endpoint, potentially leading to remote code execution and full system compromise. Incident response findings revealed attackers deploying web shells (e.g., helper.jsp, cache.jsp), reverse shells, and reverse SSH SOCKS proxies for persistent access.
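Added example (not part of the original brief): a log triage sketch that flags POST requests to the upload endpoint and later requests for the web shell names given in the summary, grouped by source IP. The access-log format (Combined Log Format), the sample lines, the IP addresses and the /example-app/ path are constructed assumptions.

```python
import re
from collections import defaultdict

UPLOAD_PATH = "/developmentserver/metadatauploader"  # endpoint named in the brief
WEBSHELL_NAMES = {"helper.jsp", "cache.jsp"}         # web shell names named in the brief

# Assumption: the web tier writes Common/Combined Log Format lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample input (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.10 - - [13/May/2025:10:00:01 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 120
203.0.113.10 - - [13/May/2025:10:00:09 +0000] "GET /example-app/helper.jsp?x=1 HTTP/1.1" 200 45
198.51.100.7 - - [13/May/2025:10:02:00 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 403 0
192.0.2.5 - - [13/May/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512
"""

def triage(log_text):
    """Return {source_ip: {"uploads", "webshell_hits", "priority"}}."""
    hits = defaultdict(lambda: {"uploads": [], "webshell_hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["uri"].split("?", 1)[0].lower()
        accepted = m["status"].startswith("2")
        if m["method"] == "POST" and path.rstrip("/") == UPLOAD_PATH:
            hits[m["ip"]]["uploads"].append(accepted)  # True if server answered 2xx
        elif path.rsplit("/", 1)[-1] in WEBSHELL_NAMES:
            hits[m["ip"]]["webshell_hits"].append(path)
    for rec in hits.values():
        uploaded = any(rec["uploads"])
        if uploaded and rec["webshell_hits"]:
            rec["priority"] = "high"    # accepted upload, then web shell requested
        elif uploaded or rec["webshell_hits"]:
            rec["priority"] = "medium"  # one half of the pattern observed
        else:
            rec["priority"] = "low"     # upload attempts that were rejected
    return dict(hits)

if __name__ == "__main__":
    for ip, rec in triage(SAMPLE_LOG).items():
        print(ip, rec["priority"], rec["webshell_hits"])
```

A "low" result still records probing of the endpoint; file names other than the two listed in the brief are not covered by this check.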