The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in the Metadata Uploader component of SAP NetWeaver Visual Composer, assessed its impact, and developed mitigation measures.
SAP NetWeaver serves as a robust technology platform that functions as both an integration hub and application layer, enabling businesses to unify data, processes, and applications from various sources into a cohesive SAP ecosystem. Complementing this, SAP Visual Composer offers a user-friendly development environment for quickly designing and customizing model-driven transactional and analytical applications. Tracked as CVE-2025-31324, this critical vulnerability allows unauthenticated attackers to upload malicious files to vulnerable systems, potentially leading to remote code execution and complete system compromise.
Read more…
Source: SonicWall
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Intel Chip Vulnerability Worse than Thought, Lets Hackers Hijack Fleets of PCs
May 8, 2017
That vulnerability that Intel discovered and disclosed last week after going undetected for almost a decade is much worse than originally thought as it allows hackers to remotely gain full control over affected PCs running Windows, without even needing a password. As announced by Intel, the bug affects Intel’s Active Management Technology (AMT) which allows IT ...
- PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely
May 1, 2017
Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability. Meanwhile, I have talked with Maksim Malyutin, a member of Embedi research team who discovered the vulnerability in March, and updated ...
- Systems-on-a-chip are a huge, unaudited attack surface, says Project Zero’s Wi‑Fi attack man
April 12, 2017
The internal inter-chip communications of devices like smartphones are a “huge, mostly unaudited attack surface,” according to Gal Beniamini of Google’s Project Zero, in his promised follow-up to last week’s demonstration of how to attack Wi‑Fi chips over the air. His April 4 “part one” prompted emergency patches from Apple and Google, new drivers from Broadcom ...
- Adobe Patches 59 Vulnerabilities Across Flash, Reader, Photoshop
April 11, 2017
Adobe patched 59 vulnerabilities in five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App as part of its regularly scheduled software update today. The company warned in a series of security bulletins posted shortly before noon Tuesday that the bulk of the bugs, 44, are critical and could lead to code ...
- Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day
April 10, 2017
This weekend saw multiple reports of a new zero-day vulnerability that affected all versions of Microsoft Word. Today, Proofpoint researchers observed the document exploit being used in a large email campaign distributing the Dridex banking Trojan. This campaign was sent to millions of recipients across numerous organizations primarily in Australia. This represents a significant level of ...
- Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari
March 28, 2017
Apple fixed hundreds of bugs, 223 to be exact, across a slate of products including macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday. More than a quarter of the bugs, 40 in macOS Sierra, and 30 in iOS, could lead to arbitrary code execution – in some instances with root privileges, Apple warned. The lion’s share of ...

