The Hacker News

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary ...
Bleeping Computer

SAP fixes maximum severity NetWeaver command execution flaw

SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. SAP NetWeaver is the foundation for SAP's business ...
Infosecurity-magazine.com

Public Exploit Released for Critical SAP NetWeaver Flaw

A critical vulnerability in SAP NetWeaver AS Java Visual Composer, tracked as CVE-2025-31324, is now being widely exploited following the release of public exploit tooling. The flaw, patched in April ...
SecurityWeek

Critical Vulnerability Patched in SAP NetWeaver

Enterprise software maker SAP on Tuesday announced the release of 14 new security patches as part of its June 2025 Security Patch Day, including a note addressing a critical-severity vulnerability in ...
搜狐

SAP NetWeaver面临新一轮攻击,勒索软件团伙趁机而入

近期,SAP NetWeaver的安全形势愈加严峻,多个勒索软件团伙开始针对该平台进行攻击。根据网络安全公司ReliaQuest的报告,BianLian和RansomEXX等已知勒索软件家族正在利用SAP NetWeaver Visual Composer中的一个严重漏洞。 这一漏洞被标记为CVE-2025-31324,SAP在4月底已对此进行了 ...
TechRadar

SAP NetWeaver woes worsen as ransomware gangs join the attack

BianLian, RansomEXX, and others, are jumping the NetWeaver bandwagon In late April, SAP fixed a 10/10 bug in NetWeaver Visual Composer Metadata Uploader Researchers claim there are 1,200 vulnerable ...
搜狐

警惕!SAP NetWeaver新漏洞曝光,企业需立即修复

据香港IDC新天域互联了解,近日,SAP公司发布了针对其NetWeaver服务器的第二个零日漏洞的补丁,进一步加强了企业用户的安全防护。这一新漏洞(CVE-2025-42999)在近期攻击中被利用,SAP对此表示高度重视,并呼吁所有用户尽快更新系统。 此次补丁发布是在发现另 ...
techzine

SAP releases patch for second zero-day vulnerability in NetWeaver

SAP has released security updates to address a second vulnerability recently exploited in attacks on SAP NetWeaver servers. This is a zero-day vulnerability. The patch for this new vulnerability, ...
TechRadar

SAP patches recently exploited zero-day in wake of NetWeaver server attacks

SAP fixed CVE-2025-42999, a 9.1/10 vulnerability in NetWeaver This one was chained with CVE-2025-31324, which was fixed in April Fortune 500 companies are apparently at risk SAP has patched a critical ...
heise online

SAP Patchday: Critical Netweaver gap and many more fixed

SAP publishes a total of 16 new security alerts in May 2025. Some of them deal with critical security vulnerabilities in various products from the company's business software catalog. SAP's patchday ...
techzine

SAP confirms NetWeaver vulnerability is being actively exploited

Software supplier SAP warns of active exploitation of a critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer. Attackers are not only exploiting the vulnerability, they are also ...
Yahoo Finance

Critical vulnerability in SAP NetWeaver Visual Composer leads to confirmed compromises

This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. A critical vulnerability in SAP NetWeaver ...