SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324) - Vulnerability Database

SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324)

Description

The Metadata Uploader component of SAP NetWeaver Visual Composer improperly validates user authorization, allowing unauthenticated attackers to upload arbitrary files to the server. This vulnerability can be exploited to achieve remote code execution (RCE), leading to full system compromise.

Remediation

Upgrade to the latest version of SAP Visual Composer

References

SAP Security Patch Day - April 2025

Critical SAP NetWeaver Vulnerability (CVE-2025-31324) Fixed: Actively Exploited in the Wild

Related Vulnerabilities

Severity

Critical

Classification

CVE-2025-31324

CWE-434

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H