#sapnetweaver — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sapnetweaver, aggregated by home.social.
-
🎯 Threat Intelligence
===================Executive summary: The ProjectDiscovery year-in-review highlights a small set of high-impact vulnerabilities that drove exploitation behaviour across 2025. Public disclosure, rapid PoCs, and immediate scanning activity shrank the window between advisories and operational exploitation for issues offering unauthenticated access, reliable RCE, or broad reach.
Technical details:
• CVE-2025-55182 — React Server Components deserialization flaw (branded React2Shell). The bug enabled unauthenticated remote code execution at framework level, increasing the number of viable targets across internal, staging, and production applications.
• CVE-2025-31324 — SAP NetWeaver Visual Composer Metadata Uploader lacked authentication, allowing direct upload of JSP web shells and immediate code execution in affected deployments.
• Additional notable mentions in the report include CVE-2025-0108 (PAN-OS authentication bypass), CVE-2025-20188 (Cisco IOS XE hardcoded JWT), and CVE-2025-32433 (Erlang/OTP SSH RCE).Analysis:
• Attackers prioritized practicality over novelty: unauthenticated flaws and RCE at scale provided predictable, high-value access paths (e.g., SAP systems leading to enterprise-wide impact).
• Framework-level flaws (React2Shell) blurred the boundary between application internals and external attack surface, making many otherwise non-exposed apps exploitable.
• Exploitation progressed through observable phases: perimeter device compromise, runtime/software exposure, ubiquity as multiplier, and finally developer/update infrastructure targeting.Detection:
• Community detection work and exposure scanning (including public Nuclei templates) were primary signals cited for tracking exploitation. Example template reference: Nuclei template: CVE-2025-55182.
• Observable indicators included rapid, high-volume scanning for framework-specific endpoints and attempts to upload/execute web shell artifacts against upload endpoints.Mitigation and defender takeaways (reported):
• The year demonstrated narrowing disclosure-to-exploit windows and emphasized treating widely deployed frameworks as part of the external attack surface.
• Incident response priorities shifted toward faster detection of scanning/exploitation activity and inventorying framework exposure across environments.References:
• ProjectDiscovery: Year in Review: The Vulnerabilities That Defined 2025 • CVE-2025-55182, CVE-2025-31324, CVE-2025-0108, CVE-2025-20188, CVE-2025-32433🔹 React2Shell #CVE2025 #SAPNetWeaver #Nuclei #ThreatIntel
🔗 Source: https://projectdiscovery.io/blog/year-in-review-the-vulnerabilities-that-defined-2025
-
🎯 Threat Intelligence
===================Executive summary: The ProjectDiscovery year-in-review highlights a small set of high-impact vulnerabilities that drove exploitation behaviour across 2025. Public disclosure, rapid PoCs, and immediate scanning activity shrank the window between advisories and operational exploitation for issues offering unauthenticated access, reliable RCE, or broad reach.
Technical details:
• CVE-2025-55182 — React Server Components deserialization flaw (branded React2Shell). The bug enabled unauthenticated remote code execution at framework level, increasing the number of viable targets across internal, staging, and production applications.
• CVE-2025-31324 — SAP NetWeaver Visual Composer Metadata Uploader lacked authentication, allowing direct upload of JSP web shells and immediate code execution in affected deployments.
• Additional notable mentions in the report include CVE-2025-0108 (PAN-OS authentication bypass), CVE-2025-20188 (Cisco IOS XE hardcoded JWT), and CVE-2025-32433 (Erlang/OTP SSH RCE).Analysis:
• Attackers prioritized practicality over novelty: unauthenticated flaws and RCE at scale provided predictable, high-value access paths (e.g., SAP systems leading to enterprise-wide impact).
• Framework-level flaws (React2Shell) blurred the boundary between application internals and external attack surface, making many otherwise non-exposed apps exploitable.
• Exploitation progressed through observable phases: perimeter device compromise, runtime/software exposure, ubiquity as multiplier, and finally developer/update infrastructure targeting.Detection:
• Community detection work and exposure scanning (including public Nuclei templates) were primary signals cited for tracking exploitation. Example template reference: Nuclei template: CVE-2025-55182.
• Observable indicators included rapid, high-volume scanning for framework-specific endpoints and attempts to upload/execute web shell artifacts against upload endpoints.Mitigation and defender takeaways (reported):
• The year demonstrated narrowing disclosure-to-exploit windows and emphasized treating widely deployed frameworks as part of the external attack surface.
• Incident response priorities shifted toward faster detection of scanning/exploitation activity and inventorying framework exposure across environments.References:
• ProjectDiscovery: Year in Review: The Vulnerabilities That Defined 2025 • CVE-2025-55182, CVE-2025-31324, CVE-2025-0108, CVE-2025-20188, CVE-2025-32433🔹 React2Shell #CVE2025 #SAPNetWeaver #Nuclei #ThreatIntel
🔗 Source: https://projectdiscovery.io/blog/year-in-review-the-vulnerabilities-that-defined-2025
-
Jaguar Land Rover Cyberattack Disrupts Production and Sales Operations – Source:hackread.com https://ciso2ciso.com/jaguar-land-rover-cyberattack-disrupts-production-and-sales-operations-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #JaguarLandRover #ScatteredSpider #cybersecurity #Vulnerability #CyberAttacks #SAPNetWeaver #ShinyHunters #CyberAttack #Hackread #security #Lapsus
-
Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company – Source: securityaffairs.com https://ciso2ciso.com/critical-sap-flaw-exploited-to-launch-auto-color-malware-attack-on-u-s-company-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #AutoColormalware #SecurityAffairs #SecurityAffairs #BreakingNews #CVE202531324 #SAPNetweaver #SecurityNews #hackingnews #hacking
-
SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm https://hackread.com/sap-netweaver-vulnerability-auto-color-malware-us-firm/ #Cybersecurity #Vulnerability #CyberAttacks #SAPNetWeaver #CyberAttack #Autocolor #Darktrace #Security #Malware
-
SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm – Source:hackread.com https://ciso2ciso.com/sap-netweaver-vulnerability-used-in-auto-color-malware-attack-on-us-firm-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #CyberAttacks #SAPNetWeaver #CyberAttack #Autocolor #Darktrace #Hackread #security #malware
-
Hackers have been spotted exploiting a critical SAP NetWeaver flaw (CVE-2025-31324) to deploy Auto-Color malware in an attack on a US firm.
Read: https://hackread.com/sap-netweaver-vulnerability-auto-color-malware-us-firm/
-
SAP June 2025 Security Patch Day fixed critical NetWeaver bug – Source: securityaffairs.com https://ciso2ciso.com/sap-june-2025-security-patch-day-fixed-critical-netweaver-bug-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SAPNetweaver #SecurityNews #hackingnews #0CISO2CISO #Security #hacking #SAP
-
🚨 SAP NetWeaver: Details on a Common Weaponization Timeline
As mentioned in the May CrowdSec VulnTracking report, #SAPNetWeaver (CVE-2025-31324) was a very interesting case study that highlighted the fact that mainstream malicious actors and legitimate security scanners depend on the same PoCs/write-ups to act. Let’s dive into the timeline and key findings.
🔑 Key findings
🔹 Early reports suggest that a select group of highly skilled attackers weaponized the vulnerability before its public disclosure, but mass exploitation began immediately after the exploit details surfaced.
🔹 Common scanning companies were flagged looking for this vulnerability. The first to take action by order of appearance were cert.pl, hadrian.io, and stretchoid, the latter one being still active today and accountable for most of the volumeℹ️ About the exploit
A critical zero-day vulnerability (CVSS 10.0) was identified in SAP NetWeaver's Visual Composer component. This flaw allows unauthenticated attackers to upload arbitrary files via the /developmentserver/metadatauploader endpoint, leading to remote code execution with high privileges.🔎 Trend analysis
🔹 First Publish Date (April 24, 2025): Vulnerability disclosed; no public exploits available.
🔹 CrowdSec Network Monitoring Begins (April 26, 2025): No public exploits exist yet, but we deployed a detection rule. Early probes came from advanced actors, 37% used new, disposable infrastructure, while 63% linked to known threats. Alert volume remains very low.
🔹 First Public Exploit (April 29, 2025): Scanning activity skyrockets, nearly 50x the original volume, as public exploits emerge. Both botnets and internet-wide scanners (“the usual suspects” and industry surface management providers) started intensive scanning. At this time, benign actors account for over 50% of scanning activity.
🔹 Following weeks: Slowly, malicious actors decrease in volume of exploitation as they move to other vulnerabilities. Only benign actors remain and account for 90% of the traffic volume.✅ How to protect your systems
🔹 Patch: Apply SAP Security Note immediately.
🔹 Preemptive blocking: Stay protected in real-time with top-tier blocklists that you can plug in minutes into the most popular security solutions, such as Fortinet.
Sharing insights and taking swift action can collectively reduce the impact of these threats. This is your call to action for real-time threat intelligence and collaborative cybersecurity: https://www.crowdsec.net/integrationsFor more information, visit crowdsec.net
Want to stay ahead of the latest cyber threats? Get our weekly Threat Alert Newsletter delivered straight to your inbox, along with critical threat updates and trending cybersecurity insights.
📩 Sign up now for exclusive access: https://contact.crowdsec.net/threat-alert
-
Warnung vor Angriffen auf neue #SAP-#Netweaver-Lücke, #Chrome und #Draytek-Router | Security https://www.heise.de/news/Warnung-vor-Angriffen-auf-neue-SAP-Netweaver-Luecke-Chrome-und-Draytek-Router-10385563.html #Patchday #SAPNetweaver #Vigor2960 #Vigor300B #DraytekVigor2960 #DraytekVigor300B #Google :google: #GoogleChrome #ChromeBrowser
-
Warnung vor Angriffen auf neue #SAP-#Netweaver-Lücke, #Chrome und #Draytek-Router | Security https://www.heise.de/news/Warnung-vor-Angriffen-auf-neue-SAP-Netweaver-Luecke-Chrome-und-Draytek-Router-10385563.html #Patchday #SAPNetweaver #Vigor2960 #Vigor300B #DraytekVigor2960 #DraytekVigor300B #Google :google: #GoogleChrome #ChromeBrowser
-
Warnung vor Angriffen auf neue #SAP-#Netweaver-Lücke, #Chrome und #Draytek-Router | Security https://www.heise.de/news/Warnung-vor-Angriffen-auf-neue-SAP-Netweaver-Luecke-Chrome-und-Draytek-Router-10385563.html #Patchday #SAPNetweaver #Vigor2960 #Vigor300B #DraytekVigor2960 #DraytekVigor300B #Google :google: #GoogleChrome #ChromeBrowser
-
SAP NetWeaver has a gaping security flaw, and threat actors are already exploiting it to gain full control of systems. If you're relying on NetWeaver, now's the time to patch up—can your defenses handle this risk?
-
SAP NetWeaver users, take note: a critical flaw is letting hackers gain remote control with malicious file uploads—and it's already being exploited by Chinese threat actors. Is your system protected?
#cve202531324
#sapnetweaver
#cybersecurity
#chinesehackers
#remotecodeexecution -
SAP NetWeaver users, take note: a critical flaw is letting hackers gain remote control with malicious file uploads—and it's already being exploited by Chinese threat actors. Is your system protected?
#cve202531324
#sapnetweaver
#cybersecurity
#chinesehackers
#remotecodeexecution -
SAP NetWeaver users, take note: a critical flaw is letting hackers gain remote control with malicious file uploads—and it's already being exploited by Chinese threat actors. Is your system protected?
#cve202531324
#sapnetweaver
#cybersecurity
#chinesehackers
#remotecodeexecution -
Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324 – Source: securityaffairs.com https://ciso2ciso.com/experts-warn-of-a-second-wave-of-attacks-targeting-sap-netweaver-bug-cve-2025-31324-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2025-31324 #BreakingNews #SAPNetweaver #SecurityNews #hackingnews #Cybercrime
-
CVE-2025-31324 Detection: SAP NetWeaver Zero-Day Under Active Exploitation Exposes Critical Systems to Remote Code Execution – Source: socprime.com https://ciso2ciso.com/cve-2025-31324-detection-sap-netweaver-zero-day-under-active-exploitation-exposes-critical-systems-to-remote-code-execution-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #CVE-2025-31324 #Latestthreats #Vulnerability #SAPNetweaver #socprimecom #socprime #zeroday #Blog #CVE #SAP
-
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells https://hackread.com/sap-netweaver-flaw-severity-hackers-deploy-web-shells/ #Cybersecurity #Vulnerability #SAPNetWeaver #Security #WebShell #SAP
-
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells https://hackread.com/sap-netweaver-flaw-severity-hackers-deploy-web-shells/ #Cybersecurity #Vulnerability #SAPNetWeaver #Security #WebShell #SAP
-
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells https://hackread.com/sap-netweaver-flaw-severity-hackers-deploy-web-shells/ #Cybersecurity #Vulnerability #SAPNetWeaver #Security #WebShell #SAP
-
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells https://hackread.com/sap-netweaver-flaw-severity-hackers-deploy-web-shells/ #Cybersecurity #Vulnerability #SAPNetWeaver #Security #WebShell #SAP
-
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells – Source:hackread.com https://ciso2ciso.com/sap-netweaver-flaw-scores-10-0-severity-as-hackers-deploy-web-shells-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #SAPNetWeaver #Hackread #security #WebShell #SAP
-
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells – Source:hackread.com https://ciso2ciso.com/sap-netweaver-flaw-scores-10-0-severity-as-hackers-deploy-web-shells-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #SAPNetWeaver #Hackread #security #WebShell #SAP
-
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells – Source:hackread.com https://ciso2ciso.com/sap-netweaver-flaw-scores-10-0-severity-as-hackers-deploy-web-shells-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #SAPNetWeaver #Hackread #security #WebShell #SAP
-
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells – Source:hackread.com https://ciso2ciso.com/sap-netweaver-flaw-scores-10-0-severity-as-hackers-deploy-web-shells-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #SAPNetWeaver #Hackread #security #WebShell #SAP
-
SAP NetWeaver zero-day allegedly exploited by an initial access broker – Source: securityaffairs.com https://ciso2ciso.com/sap-netweaver-zero-day-allegedly-exploited-by-an-initial-access-broker-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #InitialAccessBroker #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CVE-2025-31324 #BreakingNews #SAPNetweaver #SecurityNews #hackingnews #hacking #zeroday
-
SAP NetWeaver 7.52 gibt es seit 2019, und doch haben nicht viele migriert. Für das Update spricht unter anderem das ABAP SQL Test Double Framework.
ABAP SQL Test Double Framework: Förderer von Clean Code in SAP-Anwendungen
#SAP #sapnetweaver