Ethical Hacking News
SAP has released security patches for a second zero-day flaw exploited in recent attacks targeting SAP NetWeaver servers, bringing the total number of affected vulnerabilities to two. The company urges all customers using SAP NETWEAVER to install these patches immediately to protect themselves from potential attacks.
SAP has released security patches for a newly discovered zero-day vulnerability (CVE-2025-42999) to enhance customer security. A second zero-day vulnerability (CVE-2025-31324) was recently exploited, allowing attackers to breach customers' systems without their knowledge or consent. SAP urges all customers using SAP NetWeaver to install the patches immediately to protect themselves from potential attacks. The use of zero-day vulnerabilities is a growing concern in cyber attacks, highlighting the importance of regular patching and security updates. Organizations must remain vigilant and proactive in their cybersecurity efforts and take immediate action to patch known vulnerabilities.
SAP has taken decisive action to address a second zero-day vulnerability that was recently exploited in attacks targeting SAP NetWeaver servers. The company released security patches for this newly discovered flaw (CVE-2025-42999) on Monday, May 12, as part of its ongoing efforts to enhance the security posture of its customers.
The release of these patches comes hot on the heels of another zero-day vulnerability that was exploited in April (tracked as CVE-2025-31324), which was discovered by ReliaQuest. In this incident, threat actors were able to upload malicious code to public directories and exploit a zero-day vulnerability in SAP NetWeaver Visual Composer, breaching customers' systems without their knowledge or consent.
According to SAP, the company is aware of and has been actively addressing vulnerabilities in SAP NETWEAVER Visual Composer for some time. The company urges all customers using SAP NETWEAVER to install these patches immediately to protect themselves from potential attacks. The Security Notes for these patches can be found on the SAP website.
The discovery of this second zero-day vulnerability is a significant development in the ongoing saga of cyber threats targeting SAP NetWeaver servers. It highlights the importance of regular patching and security updates, as well as the need for organizations to stay vigilant and proactive in their cybersecurity efforts.
In recent weeks, several other companies have been affected by similar attacks, with some reports indicating that over 1,200 SAP NetWeaver servers were left vulnerable to exploitation online. The attacks were also linked to a Chinese threat actor known as Chaya_004, who has been tracked by Forescout's Vedere Labs.
The use of zero-day vulnerabilities in cyber attacks is a growing concern, with attackers often exploiting previously unknown weaknesses in software and systems to gain unauthorized access and cause harm. In this case, the exploitation of the CVE-2025-42999 vulnerability allowed attackers to execute arbitrary commands remotely and without any type of privileges on the system.
SAP administrators are advised to take immediate action to patch their NetWeaver instances and consider disabling the Visual Composer service if possible, as well as restrict access to metadata uploader services and monitor for suspicious activity on their servers. The use of robust security measures and regular monitoring can help prevent similar attacks in the future.
The incident also serves as a reminder of the importance of cybersecurity awareness and education for organizations and individuals alike. As the threat landscape continues to evolve, it is essential that all stakeholders stay informed and take proactive steps to protect themselves from potential cyber threats.
In related news, the US Cybersecurity and Infrastructure Security Agency (CISA) has added the CVE-2025-31324 flaw to its Known Exploited Vulnerabilities Catalog, ordering federal agencies to secure their systems by May 20. The use of zero-day vulnerabilities in cyber attacks is a growing concern, with attackers often exploiting previously unknown weaknesses in software and systems to gain unauthorized access and cause harm.
In conclusion, the release of security patches for the CVE-2025-42999 vulnerability marks an important step forward in SAP's efforts to address the evolving cybersecurity threat landscape. Organizations must remain vigilant and proactive in their cybersecurity efforts, and take immediate action to patch any known vulnerabilities and protect themselves from potential attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/SAP-Patches-Second-Zero-Day-Flaw-Exploited-in-Recent-Attacks-to-Boost-Security-Measures-ehn.shtml
https://www.bleepingcomputer.com/news/security/sap-patches-second-zero-day-flaw-exploited-in-recent-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2025-42999
https://www.cvedetails.com/cve/CVE-2025-42999/
https://nvd.nist.gov/vuln/detail/CVE-2025-31324
https://www.cvedetails.com/cve/CVE-2025-31324/
Published: Tue May 13 16:14:57 2025 by llama3.2 3B Q4_K_M
