
SAP Patches Critical Zero-Day Vulnerability in NetWeaver Visual Composer


SAP has released a patch for a critical vulnerability in its NetWeaver Visual Composer platform after observing active exploitation attempts. The vulnerability, rated a maximum 10.0 on the CVSS scale and tracked as CVE-2025-31324, allows attackers to upload malicious webshells to compromised systems.

Security researchers at ReliaQuest initially suspected the flaw to be a remote file inclusion (RFI) issue but later confirmed it as an unrestricted file upload vulnerability. This type of vulnerability lets attackers place unauthorized files directly onto the system, creating serious risks for organizations relying on SAP for critical business functions. ReliaQuest discovered the vulnerability while investigating exploitation attempts linked to an older issue, CVE-2017-9884, which had previously enabled denial-of-service attacks and code execution.

SAP NetWeaver plays a central role in enabling organizations to create custom web applications, often serving as the bridge between internal systems and external partners. Because it often has to be internet-facing, NetWeaver is a valuable target for threat actors seeking insight into business operations and financial flows.

In response to the new vulnerability, security experts recommend that organizations not only apply SAP’s latest patch but also take additional precautions. Suggested actions include disabling the deprecated SAP NetWeaver Visual Composer component by shutting down the "developmentserver" application alias, restricting access to development endpoints, and monitoring systems closely for anomalous behavior that could indicate active exploitation.
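As an added illustration of the monitoring step above (not code from SAP, ReliaQuest or the article), the following Python sketch triages web access logs for requests that reach the "developmentserver" alias. It assumes Common Log Format, that the alias appears as the first URL path segment, and a hypothetical allow-list of internal networks; the log lines are constructed.

```python
import ipaddress
import re

# Assumption: the alias named in the article appears as the first URL path segment.
ALIAS_PREFIX = "/developmentserver/"
# Assumption: networks allowed to reach development endpoints (hypothetical value).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# Assumption: access logs are written in Common Log Format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [25/Apr/2025:10:01:02 +0000] "POST /developmentserver/example HTTP/1.1" 200 132
203.0.113.7 - - [25/Apr/2025:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 5120
10.20.4.15 - - [25/Apr/2025:10:02:30 +0000] "GET /developmentserver/example HTTP/1.1" 200 88
198.51.100.23 - - [25/Apr/2025:10:03:44 +0000] "POST /DevelopmentServer/example?x=1 HTTP/1.1" 404 0
this line is malformed and must be skipped
"""

def classify(line):
    """Return (severity, ip, method, path, status) for alias hits, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Compare case-insensitively and without the query string.
    path = m["path"].split("?", 1)[0].lower()
    if not path.startswith(ALIAS_PREFIX):
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None
    status = int(m["status"])
    if any(ip in net for net in ALLOWED_NETS):
        severity = "info"      # allowed network; review if the alias should be off
    elif m["method"] in ("POST", "PUT") and 200 <= status < 300:
        severity = "high"      # accepted write from outside the allowed networks
    else:
        severity = "medium"    # alias reached or probed from outside
    return severity, str(ip), m["method"], m["path"], status

def triage(log_text):
    """Classify every parseable line and keep only hits on the alias."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(*hit)
```

Once the alias is shut down, "info" and "high" entries should stop appearing; any that remain indicate the component is still reachable.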

Organizations should also plan for the longer-term transition away from SAP NetWeaver, as the platform is scheduled for end-of-support in 2027. Strengthening defenses around internet-facing applications, including the use of strong web application firewalls and endpoint detection and response (EDR) tools, remains a critical step in reducing exposure to future vulnerabilities.

Suparna Chawla Bhasin

Suparna serves as Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She plays a key role in content development, optimizing editorial workflows, aligning storytelling with audience needs, and collaborating across teams to deliver timely, high-impact content. Her background spans technology, media, and education, and she brings a unique blend of strategic thinking, creativity, and executional excellence to every project.
