CyberSecurityBoard
Sponsor Register Login

CISA Warns of SAP NetWeaver Directory Traversal Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SAP NetWeaver to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to immediately mitigate the risk. The vulnerability, identified as CVE-2017-12637, is a directory traversal flaw in SAP NetWeaver Application Server Java that allows remote attackers to read arbitrary files on affected systems. Organizations are encouraged to integrate this information into their security frameworks, such as the Stakeholder-Specific Vulnerability Categorization (SSVC) model, to better assess and respond to emerging threats. Security researchers have categorized this vulnerability under CWE-22, which refers to the improper limitation of a pathname to a restricted directory, commonly known as a ‘Path Traversal’ flaw. The vulnerability stems from improper input validation in the scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS component, allowing attackers to use directory traversal sequences (e.g., “../”) in the query string to access files outside of the intended directory. Organizations are advised to regularly consult the KEV catalog and other authoritative sources to stay informed about critical vulnerabilities and take swift action to secure their systems against emerging threats. CISA’s KEV catalog serves as a valuable resource in this effort, providing organizations with actionable intelligence to prioritize their security efforts and protect against active threats. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The KEV catalog entry, dated March 19, 2025, highlights the urgency of addressing this vulnerability, which has been observed as being actively exploited in the wild. Exploiting this vulnerability could lead to unauthorized access to sensitive information, potentially compromising the confidentiality and integrity of affected systems. CISA emphasizes using the KEV catalog as a critical input for vulnerability management prioritization.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Mar 2025 11:35:08 +0000


Cyber News related to CISA Warns of SAP NetWeaver Directory Traversal Vulnerability Exploited in Attacks

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
The Biggest SAP Cybersecurity Mistake Businesses Make-And How To Prevent It - There are no small mistakes-every mistake in cybersecurity is potentially catastrophic. Several oversights that have quietly grown into some of the most significant cybersecurity missteps can be found within SAP software configurations and include ...
2 years ago Cybersecurity-insiders.com
SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers - The exploitation technique uses HTTP request smuggling to bypass security controls and trigger a memory corruption vulnerability. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability ...
7 months ago Cybersecuritynews.com CVE-2023-7629
SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Enterprise software maker SAP this week announced the release of 10 new and two updated security notes as part of its first Security Patch Day of 2024. Rated 'hot news', the highest rating in SAP's notebook, two of the new and one of the updated ...
1 year ago Securityweek.com CVE-2023-49583 CVE-2023-50422
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
Chinese hackers behind attacks targeting SAP NetWeaver servers - SAP released an out-of-band emergency patch on April 24 to address this unauthenticated file upload security flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer, days after cybersecurity company ReliaQuest first detected the ...
7 months ago Bleepingcomputer.com CVE-2025-31324
CISA Warns of SAP NetWeaver Directory Traversal Vulnerability Exploited in Attacks - The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SAP NetWeaver to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to immediately mitigate the risk. The vulnerability, identified ...
9 months ago Cybersecuritynews.com CVE-2017-12637
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 year ago Therecord.media
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 Akira
Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw - Researchers reported that the threat actors are utilizing webshells with names like, "cache.jsp" and "helper.jsp." Howver, Nextron Research says they are also using random names, making it more difficult to find vulnerable Netweaver ...
7 months ago Bleepingcomputer.com CVE-2025-31324
The Biggest Tech Talent Gap Can Be Found in the SAP Ecosystem - They're not just looking for people who can write code; they want individuals who can implement, integrate, and run a variety of software platforms crucial for modern businesses. A recent Forbes case study explored dynamic areas like cybersecurity, ...
1 year ago Cysecurity.news
SAP fixes critical Netweaver flaw exploited in attacks - "Unauthenticated attackers can abuse built-in functionality to upload arbitrary files to an SAP NetWeaver instance, which means full Remote Code Execution and total system compromise," stated watchTowr CEO Benjamin Harris. The vulnerability, ...
7 months ago Bleepingcomputer.com CVE-2025-31324
SAP fixes suspected Netweaver zero-day exploited in attacks - "Unauthenticated attackers can abuse built-in functionality to upload arbitrary files to an SAP NetWeaver instance, which means full Remote Code Execution and total system compromise," stated watchTowr CEO Benjamin Harris. The vulnerability, ...
7 months ago Bleepingcomputer.com CVE-2025-31324
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Enterprise software maker SAP on Tuesday announced the release of 14 new and three updated security notes as part of its May 2024 Security Patch Day. Two new and one updated security notes are rated 'hot news', the highest severity in SAP's playbook, ...
1 year ago Securityweek.com CVE-2019-17495 CVE-2022-36364 CVE-2024-33006
Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
SAP NetWeaver Vulnerability Exposes Critical Systems to Attack - SAP NetWeaver, a widely used technology platform for integrating business processes and databases, has been found to contain a critical security vulnerability. This flaw allows attackers to potentially execute arbitrary code remotely, posing a ...
3 months ago Cybersecuritynews.com CVE-2024-12345
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania - CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits JetBrains ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 LockBit BianLian
Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 APT29 BianLian
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-49103 CVE-2023-22515 APT28 APT29 BianLian
Ransomware gangs join ongoing SAP NetWeaver attacks - Forescout Vedere Labs security researchers have also linked these ongoing attacks to a Chinese threat actor they track as Chaya_004, while EclecticIQ reported on Tuesday that three other Chinese APTs (i.e., UNC5221, UNC5174, and CL-STA-0048) are also ...
7 months ago Bleepingcomputer.com CVE-2025-31324 BianLian RansomEXX
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild - Discovered in April 2025 by ReliaQuest security researchers during incident response activities, the vulnerability has already been weaponized in attacks against organizations running even fully-patched SAP installations. Organizations using SAP ...
7 months ago Cybersecuritynews.com CVE-2025-31324
SAP NetWeaver Vulnerabilities: Critical Flaws and Security Risks - SAP NetWeaver, a widely used technology platform for integrating business processes and databases, has been found to contain several critical vulnerabilities that pose significant security risks to enterprises globally. These vulnerabilities, if ...
2 months ago Cybersecuritynews.com CVE-2023-XXXX CVE-2023-YYYY CVE-2024-ZZZZ APT28 Lazarus Group
Taking a Proactive Approach to Mitigating Ransomware Part 2: Avoiding Vulnerabilities in SAP Applications - In case you missed it, in the first part of this series we talked about the importance of hardening security for the application layer as part of your proactive approach to mitigating ransomware. We know exploited vulnerabilities are the most common ...
2 years ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)