CyberSecurityBoard
Sponsor Register Login

SAP NetWeaver 0-day Vulnerability Exploited in the Wild to Deploy Webshells

In April 2025, security researchers at ReliaQuest identified a series of incidents where threat actors leveraged this flaw to upload and execute webshells in publicly accessible directories, raising concerns of a zero-day remote file inclusion (RFI) vulnerability that had not been previously reported or patched. A wave of targeted cyberattacks has exposed a previously unknown vulnerability in SAP NetWeaver, allowing attackers to deploy malicious JSP webshells and gain unauthorized access to enterprise systems, even those running the latest patches. Threat actors leveraged a Remote File Inclusion (RFI) vulnerability, a class of flaw in which unsanitized user input allows arbitrary files to be uploaded and executed on the server.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 25 Apr 2025 05:55:12 +0000


Cyber News related to SAP NetWeaver 0-day Vulnerability Exploited in the Wild to Deploy Webshells

Detecting And Investigating Webshells In Compromised CMS Environments - By understanding their attack vectors, employing advanced detection techniques, and following a structured investigation and remediation process, organizations can effectively defend against these persistent backdoors and maintain the integrity and ...
7 months ago Cybersecuritynews.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers - The exploitation technique uses HTTP request smuggling to bypass security controls and trigger a memory corruption vulnerability. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability ...
7 months ago Cybersecuritynews.com CVE-2023-7629
SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Enterprise software maker SAP this week announced the release of 10 new and two updated security notes as part of its first Security Patch Day of 2024. Rated 'hot news', the highest rating in SAP's notebook, two of the new and one of the updated ...
1 year ago Securityweek.com CVE-2023-49583 CVE-2023-50422
The Biggest SAP Cybersecurity Mistake Businesses Make-And How To Prevent It - There are no small mistakes-every mistake in cybersecurity is potentially catastrophic. Several oversights that have quietly grown into some of the most significant cybersecurity missteps can be found within SAP software configurations and include ...
2 years ago Cybersecurity-insiders.com
Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw - Researchers reported that the threat actors are utilizing webshells with names like, "cache.jsp" and "helper.jsp." Howver, Nextron Research says they are also using random names, making it more difficult to find vulnerable Netweaver ...
8 months ago Bleepingcomputer.com CVE-2025-31324
Chinese Hackers Exploit SAP NetWeaver 0-Day Vulnerability To Attack Critical Infrastructures - In April 2025, security researchers identified a sophisticated campaign targeting critical infrastructure networks worldwide through a previously unknown vulnerability in SAP NetWeaver Visual Composer. The vulnerability, tracked as CVE-2025-31324, ...
7 months ago Cybersecuritynews.com CVE-2025-31324
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild - Discovered in April 2025 by ReliaQuest security researchers during incident response activities, the vulnerability has already been weaponized in attacks against organizations running even fully-patched SAP installations. Organizations using SAP ...
8 months ago Cybersecuritynews.com CVE-2025-31324
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
SAP fixes suspected Netweaver zero-day exploited in attacks - "Unauthenticated attackers can abuse built-in functionality to upload arbitrary files to an SAP NetWeaver instance, which means full Remote Code Execution and total system compromise," stated watchTowr CEO Benjamin Harris. The vulnerability, ...
8 months ago Bleepingcomputer.com CVE-2025-31324
SAP NetWeaver 0-Day Vulnerability Exploited in the Wild to Deploy Webshells - This vulnerability stems from a missing authorization check in the Metadata Uploader component, allowing unauthenticated attackers to upload malicious executable files by sending specially crafted POST requests to the ...
8 months ago Cybersecuritynews.com
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Enterprise software maker SAP on Tuesday announced the release of 14 new and three updated security notes as part of its May 2024 Security Patch Day. Two new and one updated security notes are rated 'hot news', the highest severity in SAP's playbook, ...
1 year ago Securityweek.com CVE-2019-17495 CVE-2022-36364 CVE-2024-33006
SAP fixes critical Netweaver flaw exploited in attacks - "Unauthenticated attackers can abuse built-in functionality to upload arbitrary files to an SAP NetWeaver instance, which means full Remote Code Execution and total system compromise," stated watchTowr CEO Benjamin Harris. The vulnerability, ...
8 months ago Bleepingcomputer.com CVE-2025-31324
SAP NetWeaver 0-day Vulnerability Exploited in the Wild to Deploy Webshells - In April 2025, security researchers at ReliaQuest identified a series of incidents where threat actors leveraged this flaw to upload and execute webshells in publicly accessible directories, raising concerns of a zero-day remote file inclusion (RFI) ...
8 months ago Cybersecuritynews.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 year ago Bleepingcomputer.com CVE-2024-27834
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Chinese hackers behind attacks targeting SAP NetWeaver servers - SAP released an out-of-band emergency patch on April 24 to address this unauthenticated file upload security flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer, days after cybersecurity company ReliaQuest first detected the ...
7 months ago Bleepingcomputer.com CVE-2025-31324
Hackers Exploiting SAP NetWeaver Vulnerability to Deploy Auto-Color Linux Malware - In April 2025, cybersecurity firm Darktrace successfully detected and contained an attack that exploited CVE-2025-31324, a critical vulnerability in SAP NetWeaver, to deploy the stealthy Auto-Color backdoor malware over three days. A sophisticated ...
4 months ago Cybersecuritynews.com CVE-2025-31324
SAP NetWeaver Vulnerabilities: Critical Flaws and Security Risks - SAP NetWeaver, a widely used technology platform for integrating business processes and databases, has been found to contain several critical vulnerabilities that pose significant security risks to enterprises globally. These vulnerabilities, if ...
2 months ago Cybersecuritynews.com CVE-2023-XXXX CVE-2023-YYYY CVE-2024-ZZZZ APT28 Lazarus Group
North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-22515 APT28 APT29 BianLian
Taking a Proactive Approach to Mitigating Ransomware Part 2: Avoiding Vulnerabilities in SAP Applications - In case you missed it, in the first part of this series we talked about the importance of hardening security for the application layer as part of your proactive approach to mitigating ransomware. We know exploited vulnerabilities are the most common ...
2 years ago Securityboulevard.com
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
2 years ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273 CVE-2021-1435
The Biggest Tech Talent Gap Can Be Found in the SAP Ecosystem - They're not just looking for people who can write code; they want individuals who can implement, integrate, and run a variety of software platforms crucial for modern businesses. A recent Forbes case study explored dynamic areas like cybersecurity, ...
1 year ago Cysecurity.news
SAP NetWeaver Vulnerability Exposes Critical Systems to Attack - SAP NetWeaver, a widely used technology platform for integrating business processes and databases, has been found to contain a critical security vulnerability. This flaw allows attackers to potentially execute arbitrary code remotely, posing a ...
3 months ago Cybersecuritynews.com CVE-2024-12345
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-46747 CVE-2023-46748 CVE-2023-22515 APT29 Rocke BianLian

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)