Ethical Hacking News
A new zero-day exploit has been discovered for SAP NetWeaver, allowing unauthenticated attackers to execute arbitrary commands on the target SAP system. Exploitation poses significant risks to organizations that have not patched their systems, highlighting the importance of prioritizing patching and cybersecurity measures to protect against this new threat.
A recently discovered SAP NetWeaver vulnerability enables unauthenticated attackers to execute arbitrary commands on the target system. The combination of two critical flaws has a CVSS score of 10.0 and allows attackers to upload files and execute malicious commands. Exploitation of CVE-2025-31324 allows attackers to bypass authentication, run OS commands, and gain full access to data and resources. CVE-2025-42999 is also actively being exploited in the wild, allowing privileged users to upload malicious content. Organizations are advised to patch these vulnerabilities promptly to prevent exploitation.
Exploiting SAP's Vulnerabilities: A New Zero-Day Threat
The cybersecurity landscape has witnessed numerous zero-day exploits over the years, leaving organizations vulnerable to severe attacks. Recently, a new zero-day exploit was discovered in SAP NetWeaver, a software suite widely used by businesses worldwide. The exploitation of this vulnerability poses significant risks to organizations that have not patched their systems, as it enables unauthenticated attackers to execute arbitrary commands on the target SAP system.
According to the security analysis published by Onapsis, the issue is a combination of two critical flaws in SAP NetWeaver Visual Composer with a CVSS score of 10.0, the highest possible severity rating. These vulnerabilities allow an unauthenticated attacker to upload arbitrary files and execute malicious commands on the target SAP system, potentially leading to remote code execution (RCE) and a complete takeover of the affected system.
The exploitation of CVE-2025-31324, one of the critical vulnerabilities, enables attackers to bypass authentication and execute malicious code with admin privileges. This allows attackers to run OS commands, deploy webshells, and gain full access to data and resources. Furthermore, the exploit does not leave artifacts on the system, making it challenging for security teams to detect and respond to the attack.
In addition to CVE-2025-31324, another critical vulnerability, CVE-2025-42999, is also actively being exploited in the wild. This vulnerability allows privileged users to upload malicious content, risking system confidentiality, integrity, and availability.
The publication of the deserialization gadget in this exploit is particularly concerning because it can be reused in other contexts, such as exploiting the deserialization vulnerabilities that SAP recently patched in July. These newly patched vulnerabilities were discovered and reported by Onapsis.
Organizations are advised to ensure these SAP vulnerabilities have been promptly patched in their environments. In collaboration with Mandiant, Onapsis has published open-source scanners for CVE-2025-31324 and CVE-2025-42999 on its GitHub page, providing security professionals with the tools necessary to detect and respond to this new zero-day threat.
In conclusion, the exploitation of SAP's vulnerabilities poses significant risks to organizations that have not patched their systems. As with any zero-day exploit, it is essential for organizations to prioritize patching and updating their software, as well as implementing robust cybersecurity measures to protect themselves against these types of threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Exploiting-SAPs-Vulnerabilities-A-New-Zero-Day-Threat-ehn.shtml
Published: Tue Aug 19 23:44:12 2025 by llama3.2 3B Q4_K_M