Summary:
Tenable researchers have uncovered a critical zero-day vulnerability (CVE-2025-31324) affecting SAP NetWeaver AS Java systems. The flaw, currently exploited in the wild, stems from a missing authentication check in a servlet responsible for handling certain HTTP requests. If successfully exploited, attackers can achieve unauthenticated remote code execution (RCE), granting them full control over the affected SAP systems. Given SAP’s prominent role in enterprise environments, this vulnerability poses a substantial risk across multiple industries.
Risks:
The exploitation of CVE-2025-31324 could have devastating consequences. Attackers could fully compromise an SAP NetWeaver system, leading to unauthorized data access, tampering with business-critical operations, deployment of malware, and lateral movement throughout the network. Given that the vulnerability does not require prior authentication, internet-exposed SAP instances are especially at risk. Organizations leveraging SAP for finance, HR, manufacturing, and logistics are facing significant potential operational and reputational damages.
Remediation:
SAP has released a patch to address CVE-2025-31324 in its April 2025 Security Patch Day updates. Organizations should:
-
Apply the SAP-provided patches immediately to affected systems.
-
Audit SAP NetWeaver instances for signs of exploitation.
-
Review exposed SAP services and restrict access where possible.
-
Implement Web Application Firewalls (WAFs) and enhanced monitoring for suspicious activity targeting SAP endpoints.
It is critical that organizations prioritize patching and security hardening to mitigate risks from active exploitation.
Conclusion:
CVE-2025-31324 represents a severe security threat to enterprises relying on SAP NetWeaver. Its active exploitation emphasizes the urgent need for prompt remediation. Given the widespread reliance on SAP’s platform, the fallout from a successful attack could be extensive. Shield53 recommends that all SAP customers act immediately to secure their environments against this critical flaw.