#NetWeaver

2025-05-11

Chinese #Hackers #Exploit SAP #RCE Flaw CVE-2025-31324, Deploy Golang-Based #SuperShell

CVE-2025-31324 refers to a critical #SAP #NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint
#security

thehackernews.com/2025/05/chin

Security Land @securityland
2025-04-26

A critical SAP vulnerability scoring 10/10 is actively being exploited to deploy ransomware across enterprise systems. Security experts from ReliaQuest warn this zero-day flaw in NetWeaver could compromise corporate and government data worldwide. Learn how to protect your organization now.

security.land/critical-sap-zer

2025-04-26

🚨 SAP NetWeaver Zero-Day Under Active Exploitation — Patch Immediately

SAP has released an out-of-band emergency update to fix a critical zero-day vulnerability (CVE-2025-31324) in NetWeaver Visual Composer — and it’s already being exploited in the wild.

The flaw (CVSS 10.0) allows unauthenticated remote attackers to upload malicious files and gain full remote code execution — no login required.

Here’s what’s happening:
- Threat actors are abusing the `/developmentserver/metadatauploader` endpoint
- They're dropping JSP web shells and executing commands directly from browsers
- Post-exploitation activity includes tools like Brute Ratel and MSBuild injection for stealth
- Even fully patched systems were compromised — confirming this was a true zero-day

Both ReliaQuest and watchTowr have confirmed active exploitation, with attackers already moving to establish persistence and lateral movement.

Who’s affected:
- SAP NetWeaver Visual Composer 7.50 environments
- Systems exposed to the internet, especially if Visual Composer is enabled

What you need to do:
- Apply the emergency patch from SAP (released after the April 8 update)
- If you can’t patch immediately:
  - Restrict access to the vulnerable endpoint
  - Disable Visual Composer if unused
  - Forward logs to SIEM and scan for unauthorized servlet uploads

Also included in the emergency update:
- CVE-2025-27429 — Code injection in SAP S/4HANA
- CVE-2025-31330 — Code injection in SAP Landscape Transformation

In a world where zero-days are increasingly exploited within hours of discovery, patching isn’t optional — it’s urgent.

#SAP #NetWeaver #CyberSecurity
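The "forward logs to SIEM and scan for unauthorized servlet uploads" step above can be turned into a small detection pass over web-server access logs. The following is an added example, not code from the post above or from SAP: it parses combined-format access-log lines (the sample lines are constructed, using documentation IP ranges) and flags requests to the `/developmentserver/metadatauploader` endpoint named in the post, with POSTs to it called out separately, plus requests for any `.jsp` resource that is not on a site-specific allowlist. The allowlist `KNOWN_JSP_PATHS` and the sample paths are assumptions you would replace with your own baseline.

```python
import re
from typing import Optional

# Apache/NGINX "combined" access-log format (the constructed sample below follows it):
# client - - [timestamp] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Endpoint named in the advisory above.
UPLOADER_PATH = "/developmentserver/metadatauploader"

# Assumption: an allowlist of .jsp resources known to be legitimate on this host.
# Populate from your own baseline; the single entry here is constructed.
KNOWN_JSP_PATHS = frozenset({"/example/health.jsp"})

# Constructed sample log lines (not real traffic; IPs are from documentation ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [25/Apr/2025:10:01:02 +0000] "GET /example/app HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Apr/2025:10:02:15 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 312 "-" "curl/8.0"
198.51.100.7 - - [25/Apr/2025:10:02:40 +0000] "GET /example/uploaded.jsp HTTP/1.1" 200 88 "-" "curl/8.0"
192.0.2.9 - - [25/Apr/2025:10:03:01 +0000] "GET /example/health.jsp HTTP/1.1" 200 20 "-" "monitor/1.0"
203.0.113.5 - - [25/Apr/2025:10:04:11 +0000] "GET /DevelopmentServer/MetadataUploader HTTP/1.1" 404 0 "-" "Mozilla/5.0"
this line is not an access-log record
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Drop the query string and normalise case so path comparison is exact
    # (the last sample line shows why: the endpoint is the same under a different case).
    entry["path"] = entry["target"].split("?", 1)[0].lower()
    return entry


def classify(entry: dict) -> list:
    """Return the reasons this request deserves review; an empty list means benign."""
    reasons = []
    if entry["path"] == UPLOADER_PATH:
        if entry["method"] == "POST":
            reasons.append("POST to metadatauploader endpoint (possible file upload)")
        else:
            reasons.append("request to metadatauploader endpoint")
    if entry["path"].endswith(".jsp") and entry["path"] not in KNOWN_JSP_PATHS:
        reasons.append("request for .jsp resource not on allowlist (possible web shell)")
    return reasons


def scan(log_text: str) -> list:
    """Scan log text; return (client, method, path, status, reasons) for flagged requests."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip lines that are not access-log records
        reasons = classify(entry)
        if reasons:
            findings.append(
                (entry["client"], entry["method"], entry["path"], entry["status"], reasons)
            )
    return findings


if __name__ == "__main__":
    for client, method, path, status, reasons in scan(SAMPLE_LOG):
        print(f"{client} {method} {path} -> {status}: {'; '.join(reasons)}")
```

On the constructed sample this flags three records: the POST to the uploader endpoint, the follow-up request for an unlisted `.jsp`, and the case-varied GET probe of the endpoint (even though it returned 404). The allowlisted health page and the ordinary application request pass. Even a 404 against the endpoint is worth seeing, because it tells you the host is being probed while you arrange patching or access restrictions.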

2025-01-18

#SAP has released software updates to address critical vulnerabilities in #NetWeaver

One critical vulnerability is tracked as CVE-2025-0070, and when exploited, allows an attacker to escalate privileges. The other critical vulnerability is tracked as CVE-2025-0066, and when exploited, allows an attacker to access data within the application.

Administrators are advised to patch ASAP

#cybersecurity

bleepingcomputer.com/news/secu

maria thereza do amaral @marietheBR
2024-12-02

Networks and Netweavers:

: The art of weaving/unveiling/perceiving/feeling/moving/thinking... in networks.

: If you are a netweaver, you see networks in everything you do.

...

open.substack.com/pub/mariathe

heise online (unofficial) @heiseonline@squeet.me
2021-08-11
Due to several vulnerabilities, SAP's business software could serve as an entry point for attackers.
Patch day: SAP plugs critical security holes in Business One & Co.

heise online (unofficial) @heiseonline@squeet.me
2021-06-09
At the centre of SAP's security patch day this time is NetWeaver, with vulnerabilities rated from "High" to "Critical". Other products were also secured.
Patch day: SAP NetWeaver AS for ABAP & Java receives many important vulnerability fixes
