SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-31324 | SAP NetWeaver Unrestricted File Upload Vulnerability | exploitation_technique | T1055 | Process Injection | Attackers have exploited this SAP vulnerability to achieve remote code execution on the target system by sending malicious ZIP files to specific server endpoints. This can be done either through use of a single command or by uploading a web shell. |
| CVE-2025-31324 | SAP NetWeaver Unrestricted File Upload Vulnerability | exploitation_technique | T1505.003 | Web Shell | Attackers have exploited this SAP vulnerability to achieve remote code execution on the target system by sending malicious ZIP files to specific server endpoints. This can be done either through use of a single command or by uploading a web shell. |
| CVE-2025-31324 | SAP NetWeaver Unrestricted File Upload Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Attackers have exploited this SAP vulnerability to achieve remote code execution on the target system by sending malicious ZIP files to specific server endpoints. This can be done either through use of a single command or by uploading a web shell. |
| CVE-2025-31324 | SAP NetWeaver Unrestricted File Upload Vulnerability | secondary_impact | T1602 | Data from Configuration Repository | Attackers have exploited this SAP vulnerability to achieve remote code execution on the target system by sending malicious ZIP files to specific server endpoints. This can be done either through use of a single command or by uploading a web shell. |