Overview
CVE-2025-31324 exposes a critical vulnerability in SAP NetWeaver Visual Composer development server, specifically in the Metadata Uploader component. The flaw enables unauthenticated attackers to upload malicious binaries without proper authorization, resulting in potential full compromise of the host system.
Technical Details
This vulnerability arises due to a missing authorization check (CWE-434: Unrestricted Upload of File with Dangerous Type). The Metadata Uploader allows file submissions without verifying the origin or privileges of the request. Consequently, an attacker can send specially crafted executable files over HTTP, leading to remote code execution, data breaches, or system outages.
CVSS Score and Vector
- Base Score: 10.0 (Critical)
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact: High (Confidentiality, Integrity, Availability)
Affected Product
- SAP NetWeaver (Visual Composer development server), Version: VCFRAMEWORK 7.50
Mitigation and Recommendations
SAP has issued security patches addressing this vulnerability in its April 2025 Security Patch Day. Organizations using affected systems should:
- Apply the latest SAP patches immediately.
- Restrict network access to the Visual Composer development server.
- Audit access logs for signs of unauthorized file uploads.
- Review and enforce strict authorization policies on all upload mechanisms.
Active Exploitation
Reports confirm that this vulnerability is under active exploitation in the wild. Security teams should treat this as a high-priority incident and verify whether their environments show any indication of compromise.
For further details, consult the following resources:
Leave a Reply