Yahoo Finance

Critical vulnerability in SAP NetWeaver Visual Composer leads to confirmed compromises

This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. A critical vulnerability in SAP NetWeaver ...
Hosted on MSN

SAP patches recently exploited zero-day in wake of NetWeaver server attacks

SAP fixed CVE-2025-42999, a 9.1/10 vulnerability in NetWeaver This one was chained with CVE-2025-31324, which was fixed in April Fortune 500 companies are apparently at risk SAP has patched a critical ...
Infosecurity-magazine.com

SAP Fixes Critical Vulnerability After Evidence of Exploitation

German software company SAP has finally disclosed and fixed a highly critical vulnerability in the NetWeaver Visual Composer development server after evidence of exploitation in the wild. NetWeaver ...
TechRadar

SAP NetWeaver woes worsen as ransomware gangs join the attack

BianLian, RansomEXX, and others, are jumping the NetWeaver bandwagon In late April, SAP fixed a 10/10 bug in NetWeaver Visual Composer Metadata Uploader Researchers claim there are 1,200 vulnerable ...
TechRadar

Maximum severity vulnerability puts over 1200 SAP NetWeaver servers at risk of hijacking

SAP disclosed a 10/10 flaw in NetWeaver Visual Composer The bug allows threat actors to upload malware Researchers claim up to 1,200 instances are vulnerable More than 1,200 SAP instances are at risk ...
CSOonline

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.