Attackers have been exploiting a crucial zero-day vulnerability within the Visible Composer element of the SAP NetWeaver software server since early this week. SAP launched an out-of-band repair that’s obtainable by way of its assist portal and it needs to be utilized instantly, particularly on programs which are instantly uncovered to the web.
“Unauthenticated attackers can abuse built-in performance to add arbitrary information to an SAP NetWeaver occasion, which implies full distant code execution and complete system compromise,” Benjamin Harris, CEO of cybersecurity agency WatchTowr, informed CSO. “This isn’t a theoretical menace — it’s occurring proper now. WatchTowr is seeing lively exploitation by menace actors, who’re utilizing this vulnerability to drop net shell backdoors onto uncovered programs and acquire additional entry.”
The vulnerability, tracked as CVE-2025-31324, obtained the utmost severity rating of 10 on the CVSS scale. Prospects ought to apply the repair in SAP Safety Notice 3594142 (requires authentication), but when they’ll’t instantly they need to disable or forestall entry to the weak element by following directions in SAP observe 3596125, researchers from SAP-focused safety agency Onapsis mentioned in an advisory.
