Ethical Hacking News
Experts warn of a second wave of attacks targeting vulnerable SAP NetWeaver systems amidst growing concerns over zero-day exploitation, as new techniques and vulnerabilities emerge in the ever-evolving threat landscape.
Pierluigi Paganini, a renowned cybersecurity expert, has warned organizations about the imminent threat of a second wave of attacks targeting SAP NetWeaver systems due to their vulnerability. A critical zero-day vulnerability, CVE-2025-31324, in SAP NetWeaver Visual Composer Metadata Uploader allows unauthenticated attackers to upload malicious executable files, potentially leading to a full compromise of the targeted SAP environment. Threat actors are exploiting this vulnerability to launch attacks on vulnerable systems using webshells, highlighting SAP systems as high-value targets for attackers. A second wave of attacks targeting the same vulnerability has been observed, emphasizing the growing concern over zero-day vulnerabilities in various systems. The US cybersecurity agency CISA has added CVE-2025-31324 to its Known Exploited Vulnerabilities (KEV) list, ordering federal agencies to patch it by May 20, 2025. Other zero-day vulnerabilities, such as the Langflow flaw and actively exploited Android flaw CVE-2025-27363, pose significant threats that require timely patching and updates. New techniques, like the "Bring Your Own Installer (BYOI)" method, allow attackers to bypass Endpoint Detection and Response (EDR) systems, highlighting the need for robust security measures. A large-scale smishing operation linked to the Panda Shop Chinese Carding Syndicate demonstrates the growing threat of social engineering attacks.
The recent discovery of a critical zero-day vulnerability, CVE-2025-31324, in SAP NetWeaver Visual Composer Metadata Uploader has raised alarm bells among cybersecurity experts. This vulnerability, which was discovered by ReliaQuest researchers, allows unauthenticated attackers to upload malicious executable files to the system, potentially leading to a full compromise of the targeted SAP environment.
In April, ReliaQuest researchers warned that the zero-day vulnerability in SAP NetWeaver is being exploited by threat actors, who are using webshells from this vulnerability to launch attacks on vulnerable systems. The experts pointed out that SAP systems are high-value targets for attackers due to their use by governments and enterprises.
Onapsis researchers observed a second wave of attacks targeting the same vulnerability, highlighting the growing concern over the exploitation of zero-day vulnerabilities in various systems. On May 5, 2025, Onapsis released an open-source scanner to detect exploitation attempts for CVE-2025-31324, which finds IoCs, scans for suspicious files, and collects them for analysis.
The US cybersecurity agency CISA added the vulnerability CVE-2025-31324 to its Known Exploited Vulnerabilities (KEV) list in April, ordering federal agencies to patch it by May 20, 2025. This warning serves as a reminder to organizations to prioritize patch management and take proactive measures to secure their systems against zero-day vulnerabilities.
The Langflow flaw, recently added to CISA's KEV catalog, has also been identified as a potential target for attackers. Google fixed actively exploited Android flaw CVE-2025-27363 in May 2025, highlighting the importance of staying up-to-date with the latest security patches and updates.
Furthermore, researchers have discovered new techniques, such as the "Bring Your Own Installer (BYOI)" method, which allows attackers to bypass Endpoint Detection and Response (EDR) systems. This vulnerability highlights the need for organizations to stay vigilant and implement robust security measures to prevent attacks.
The Panda Shop Chinese Carding Syndicate has been linked to a large-scale smishing operation, demonstrating the growing threat of social engineering attacks. As cybersecurity threats continue to evolve, it is essential for organizations to remain proactive in their security efforts and invest in the latest technologies and techniques to stay ahead of these threats.
In conclusion, the recent discovery of zero-day vulnerabilities in SAP NetWeaver systems has raised concerns among cybersecurity experts. The growing threat landscape demands that organizations prioritize patch management, implement robust security measures, and stay vigilant against emerging threats. By doing so, they can protect themselves against the growing number of zero-day exploitation attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Experts-Warn-of-Second-Wave-of-Attacks-Targeting-Vulnerable-SAP-NetWeaver-Systems-Amidst-Growing-Concerns-Over-Zero-Day-Exploitation-ehn.shtml
https://securityaffairs.com/177522/hacking/experts-warn-of-a-second-wave-of-attacks-targeting-sap-netweaver-bug-cve-2025-31324.html
https://nvd.nist.gov/vuln/detail/CVE-2025-31324
https://www.cvedetails.com/cve/CVE-2025-31324/
https://nvd.nist.gov/vuln/detail/CVE-2025-27363
https://www.cvedetails.com/cve/CVE-2025-27363/
Published: Tue May 6 11:17:32 2025 by llama3.2 3B Q4_K_M
