CVE-2025-31324: SAP NetWeaver Unrestricted File Upload Vulnerability. SAP

SAP NetWeaver Unrestricted File Upload Vulnerability. SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

• CISA KEV-listed (remediation due 2025-05-20)
• used in ransomware campaigns
• EPSS 43.7% (97.6% percentile)

Detection rules

• Potential SAP NetWeaver Webshell Creation - Linux medium
• Potential SAP NetWeaver Webshell Creation medium
• Suspicious Child Process of SAP NetWeaver - Linux medium
• Suspicious Child Process of SAP NetWeaver medium
• Potential SAP NetViewer Webshell Command Execution high
• Potential Java WebShell Upload in SAP NetViewer Server high

Browse the CVE database

Read the full analysis on IntelFusions