SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324)
Description
SAP NetWeaver Visual Composer contains a critical (CVSS 10.0) missing-authorization vulnerability in its Metadata Uploader component, reachable over HTTP at the /developmentserver/metadatauploader endpoint of the AS Java instance. The uploader does not check that the caller is authenticated or authorized before processing an upload, so an unauthenticated remote attacker can POST arbitrary files, including JSP web shells, into web-accessible directories of the server. A web shell placed this way runs with the privileges of the SAP application server process, giving the attacker remote code execution and full compromise of the system and, through it, of the business data and connected systems the server can reach. The flaw was exploited in the wild before a fix was available, so an exposed, unpatched system should be treated as potentially compromised rather than merely vulnerable.
Remediation
Apply SAP Security Note 3594142, the emergency out-of-band patch SAP published on 24 April 2025 for CVE-2025-31324, immediately; it was not part of the regular April 2025 Security Patch Day, so a system patched on the normal monthly cycle is not necessarily fixed. Also apply the May 2025 follow-up fix for the related deserialization weakness in the same component (CVE-2025-42999), since the two were used together in observed attacks. Follow the vendor's instructions for your specific SAP NetWeaver Visual Composer version. Until patching is complete, apply these interim measures: (1) restrict network access to the /developmentserver/metadatauploader endpoint with firewall rules, reverse-proxy rules or ICM access control lists so that only trusted source addresses can reach it, and block it entirely from the internet; (2) disable or undeploy the Visual Composer development server if it is not actively required, as SAP's workaround note for this CVE describes; and (3) monitor the web server access logs for any request to the Metadata Uploader endpoint, in particular successful POST requests from unknown clients or without an authenticated user, and for follow-on requests to newly appearing .jsp files. After patching, conduct a thorough compromise assessment: look for unexpected .jsp, .java or .class files in the web-accessible servlet directories (public incident reports cite j2ee/cluster/apps/sap.com/irj/servlet_jsp/irj/root/ and the corresponding work directories), compare them against a known-good baseline, and treat any unexplained file as evidence of a web shell. Patching removes the vulnerability but not a shell that was already uploaded, so the review is mandatory, not optional.
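The log monitoring and post-patch file review described above, as an added example that is not part of this advisory or of any SAP tooling. It assumes a CLF-style access log line (client, ident, user, timestamp, request, status, size); SAP's ICM HTTP log format is configurable, so LOG_RE must be adapted to the format in use. The sample log lines, the allowlisted address 10.0.5.21 and the file entries are constructed for the example; the only non-constructed values are the endpoint path and the file extensions a JSP web shell would use.

```python
"""Hunt for CVE-2025-31324 exploitation: uploader hits in the access log and
unexplained JSP artifacts in the web root.  Added example, not vendor code."""
import os
import re
from urllib.parse import unquote

# Metadata Uploader endpoint abused in CVE-2025-31324.
UPLOADER_PATH = "/developmentserver/metadatauploader"

# Assumption: CLF-style log line.  Adapt to your ICM LOGFORMAT.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (RFC 5737 documentation addresses, not real clients).
LOG_SAMPLE = """\
203.0.113.10 - - [25/Apr/2025:02:14:07 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 512
203.0.113.10 - - [25/Apr/2025:02:14:09 +0000] "GET /irj/servlet_jsp/irj/root/x.jsp?cmd=id HTTP/1.1" 200 77
10.0.5.21 - devadmin [25/Apr/2025:08:00:01 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 1300
198.51.100.7 - - [25/Apr/2025:09:30:44 +0000] "GET /DevelopmentServer/MetadataUploader HTTP/1.1" 200 2048
192.0.2.44 - - [25/Apr/2025:10:00:00 +0000] "GET /irj/portal HTTP/1.1" 200 9000
"""


def parse_line(line):
    """Return a dict of log fields, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def request_path(path):
    """Strip the query string, decode percent-encoding, lower-case (case-insensitive on AS Java)."""
    return unquote(path.split("?", 1)[0]).lower()


def analyse_log(lines, allowed_clients=frozenset()):
    """Flag uploader requests outside the allowlist or accepted without a user,
    then correlate later .jsp requests from the same clients (web shell use)."""
    uploader, followup, hitters = [], [], set()
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        path = request_path(rec["path"])
        if path.startswith(UPLOADER_PATH):
            reasons = []
            if rec["client"] not in allowed_clients:
                reasons.append("client not in allowlist")
            if rec["method"] == "POST" and rec["user"] == "-" and 200 <= rec["status"] < 300:
                reasons.append("unauthenticated POST accepted")
            if reasons:
                hitters.add(rec["client"])
                uploader.append({"client": rec["client"], "time": rec["time"],
                                 "method": rec["method"], "path": rec["path"],
                                 "status": rec["status"], "reasons": reasons})
        elif rec["client"] in hitters and path.endswith(".jsp"):
            followup.append({"client": rec["client"], "time": rec["time"],
                             "path": rec["path"], "status": rec["status"]})
    return {"uploader": uploader, "followup": followup}


# File types a dropped web shell would use on AS Java.
SUSPECT_EXTENSIONS = (".jsp", ".java", ".class")


def walk_web_root(root):
    """Yield (relative path, mtime) for every file under a servlet root."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), os.path.getmtime(full)


def find_web_root_artifacts(entries, baseline, since):
    """Return suspect files not in the known-good baseline and modified at or after `since`."""
    return sorted(path for path, mtime in entries
                  if path.lower().endswith(SUSPECT_EXTENSIONS)
                  and path not in baseline and mtime >= since)


if __name__ == "__main__":
    result = analyse_log(LOG_SAMPLE.splitlines(), allowed_clients={"10.0.5.21"})
    for hit in result["uploader"]:
        print("UPLOADER", hit["client"], hit["method"], hit["path"], hit["reasons"])
    for hit in result["followup"]:
        print("FOLLOW-UP", hit["client"], hit["path"])
    # Real use: find_web_root_artifacts(walk_web_root("/usr/sap/.../servlet_jsp/irj/root"),
    #                                   baseline=set_from_clean_install, since=patch_window_start)
```

The allowlist check catches legitimate developer traffic only if you actually know which hosts use the uploader; on most production systems nobody should, so an empty allowlist (every hit is a finding) is the safer default. Run the artifact check against a baseline taken from a clean installation or from backups that predate April 2025, since a baseline captured after exposure may already contain the shell.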