CVE-2025-31324

CISA KEV: Actively Exploited

SAP NetWeaver Unrestricted File Upload Vulnerability

Published Apr 29, 2025

Updated Apr 29, 2025

Description

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

Public Exploits & PoCs: 18 found

PoC: CVE-2025-31324

CVE-2025-31324, SAP Exploit

15

PoC: CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

5

PoC: sap_netweaver_cve-2025-31324-

Research Purposes only

4

PoC: CVE-2025-31324_PoC

Proof-of-Concept for CVE-2025-31324: Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader

2

PoC: nuclei-template-cve-2025-31324-check

sap-netweaver-cve-2025-31324-check

1

PoC: Onapsis-Mandiant-CVE-2025-31324-Vuln-Compromise-Assessment

CVE-2025-31324 vulnerability and compromise assessment tool

1

PoC: CVE-2025-31324-File-Upload

A totally unauthenticated file-upload endpoint in Visual Composer lets anyone drop arbitrary files (e.g., a JSP web-shell) onto the server.

1

PoC: CVE-2025-31324

Proof-of-Concept 0day for SAP NetWeaver created by ShinyHunters

PoC: sap-netweaver-0day-CVE-2025-31324

sap netweaver 0day poc by shinyhunters (scattered lapsus$ hunters) affecting all 7.x CVE-2025-31324

PoC: CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader 7.50 CVE-2025-31324 PoC

PoC: CVE-2025-31324

A Python-based security scanner for identifying the CVE-2025-31324 vulnerability in SAP Visual Composer systems, and detecting known Indicators of Compromise (IOCs) such as malicious .jsp.

PoC: jsp-webshell-scanner

🔍 A simple Bash script to detect malicious JSP webshells, including those used in exploits of SAP NetWeaver CVE-2025-31324.

PoC: Burp_CVE-2025-31324

Python-based Burp Suite extension designed to detect the presence of CVE-2025-31324

PoC: CVE-2025-31324

Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader

PoC: CVE-2025-31324_PoC_SAP

Proof-of-Concept for CVE-2025-31324: Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader

PoC: SAP-CVE-2025-31324

SAP NetWeaver Unauthenticated Remote Code Execution

PoC: CVE-2025-31324-NUCLEI

Nuclei template for cve-2025-31324 (SAP)

PoC: CVE-2025-31324

SAP PoC for CVE-2025-31324
