
Exploitation of a significant, unpatched SAP system security flaw (CVE-2025-31324) is underway.


Exploitation of a critical zero-day SAP security vulnerability (CVE-2025-31324) is currently ongoing


In a significant development for the cybersecurity community, researchers from Onapsis have discovered a critical vulnerability in SAP systems, tracked as CVE-2025-31324. The flaw is rated critical, with a CVSS score of 10, and affects the SAP Visual Composer component of SAP Java systems.

The vulnerability allows unauthenticated attackers to gain full control over vulnerable SAP systems, potentially leading to unrestricted access to business data and processes, ransomware deployment, and lateral movement. This poses a significant risk to organisations using SAP systems, especially those with SAP Java systems connected to the internet.

SAP, in collaboration with Onapsis, has taken immediate action to address this issue. SAP released an emergency security patch on April 24, 2025, delivered through SAP note 3594142. All SAP customers are strongly advised to apply this patch as soon as possible.

For customers who cannot apply the patch immediately, SAP provides workaround guidance in SAP note 3596125. This note recommends disabling the affected component, or blocking access to it, as a temporary mitigation.

It is important to note that the SAP Visual Composer component is typically not enabled by default. However, systems without this component enabled may still be at risk if they are connected to a system on which the affected component is enabled.

Multiple Incident Response (IR) firms are currently investigating active attacks exploiting this vulnerability, as observed by ReliaQuest and Onapsis Threat Intelligence. Further attacks on vulnerable SAP Java systems connected to the internet are expected.

SAP and Onapsis continue to urge customers to take immediate action to protect their systems from this critical vulnerability. A CVE-2025-31324 scanner is available for immediate assessment, and a detailed blog post provides further reading on the subject.

Stay vigilant, and ensure your SAP systems are protected against this critical vulnerability. For the latest updates and guidance, visit the SAP and Onapsis websites.
