NetWeaver CVE-2025-31324

Severity: CRITICAL
Weakness: Unrestricted Upload of File with Dangerous Type (CWE-434)
Published: 2025-04-24 (source: cna@sap.com)
CVSS 3.1: 10.0

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:38 (vuln.today)
Added to CISA KEV: Oct 31, 2025 - 21:56 (cisa)
CVE Published: Apr 24, 2025 - 17:15 (nvd), CRITICAL 10.0

Description (NVD)

SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Analysis (AI)

SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload malicious executable binaries, which can lead to critical system compromise (CVSS 10.0).

Technical Context (AI)

The Metadata Uploader endpoint has a CWE-434 unrestricted file upload flaw: it accepts any file type without authentication or authorization checks. Attackers upload JSP web shells or compiled executables, which are then accessible for execution on the SAP server.

Remediation (AI)

Apply SAP security notes immediately. Disable Visual Composer if not required. Restrict network access to SAP management interfaces. Scan for web shells in SAP deployment directories.
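
One way to run the web shell scan recommended above, as an added example that is not SAP's tooling or code from this page. The page names no deployment path, so the directory is a command-line argument; the extensions, magic bytes, content markers and default cutoff date are assumptions to tune.

```python
import os
import re
import sys
from datetime import datetime, timezone

# Assumptions, not from the advisory: which extensions, magic bytes and
# content markers count as worth a look. Tune them for your landscape.
SCRIPT_EXT = {".jsp", ".jspx", ".jspf"}
MAGIC = {b"\x7fELF": "ELF executable", b"MZ": "PE executable",
         b"\xca\xfe\xba\xbe": "Java class file"}
MARKERS = re.compile(rb"Runtime\.getRuntime\(\)|ProcessBuilder|getParameter\(")

def inspect_file(path, cutoff):
    """Return reasons to review this file; an empty list means not flagged."""
    try:
        mtime = os.stat(path).st_mtime
        with open(path, "rb") as fh:
            data = fh.read(1 << 20)  # first 1 MiB is enough for triage
    except OSError as exc:
        return [f"unreadable: {exc.strerror}"]
    kinds = [label for magic, label in MAGIC.items() if data.startswith(magic)]
    hits = []
    if os.path.splitext(path)[1].lower() in SCRIPT_EXT:
        kinds.append("server-side script")
        hits = sorted({m.group().decode() for m in MARKERS.finditer(data)})
    recent = mtime >= cutoff.timestamp()
    if not kinds or not (recent or hits):
        return []  # old, marker-free files of a known type: likely shipped content
    reasons = kinds + (["modified after cutoff"] if recent else [])
    return reasons + (["markers: " + ", ".join(hits)] if hits else [])

def scan(root, cutoff):
    """Walk root and map each flagged path to its list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = inspect_file(path, cutoff)
            if reasons:
                findings[path] = reasons
    return findings

if __name__ == "__main__":
    # Usage: scan.py <deployment-dir> [YYYY-MM-DD]
    # Default cutoff is the CVE publication date given on this page.
    day = sys.argv[2] if len(sys.argv) > 2 else "2025-04-24"
    cutoff = datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    for path, reasons in sorted(scan(sys.argv[1], cutoff).items()):
        print(f"{path}: {'; '.join(reasons)}")
```

File modification times can be reset by whoever wrote the file, so treat a clean result as one input to triage and compare against a known-good deployment where possible.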
