Page 2 – Onapsis

SAP a l’heure du Cloud : Comprendre et appliquer le modèle de responsabilité partagée

June 23, 2025/in Webinars/by Luciana Tabo

Sécurisez SAP dans le cloud et comprenez le modèle de Responsabilité Partagée de RISE avec Onapsis.

Onapsis SAP Defenders Community Meet-up - June 2025

June 12, 2025/in Webinars/by Luciana Tabo

Onapsis SAP Defenders Community Meet-up – June 2025

SAP Cybersecurity Q&A with Authors Gaurav Singh and Juan Perez-Etchegoyen

June 2, 2025/in Videos/by Luciana Tabo

Authors Gaurav Singh and Juan Perez-Etchegoyen recently took part in the SAP PRESS Book Club webinar series, where they answered reader questions about cybersecurity for SAP over the course of an hour.

Executive Threat Overview: Critical Zero-Day SAP Vulnerabilities Under Active Global Exploitation

May 29, 2025/in Datasheets/by Luciana Tabo

By exploiting these vulnerabilities, unauthenticated threat actors can gain unrestricted remote access to SAP business-critical data and

Threat Briefing Report: Critical SAP Vulnerabilities (CVE-2025-31324 and CVE-2025-42999) Under Active Mass Exploitation

May 15, 2025/in Reports/by Luciana Tabo

This consolidated threat advisory [TLP:CLEAR] is provided to support defenders in their assessment of exposure and compromise against the active mass exploitation of SAP security vulnerabilities CVE-2025-31324 and CVE-2025-42999.

The document includes exclusive threat intelligence developed by Onapsis Research Labs, along with key findings consolidated in collaboration with other trusted cybersecurity organizations.

Please note that this threat campaign is under development, and the document may be updated frequently (current version May 15, rev 4.0).

The threat advisory details:

Executive Summary
Active Campaign Details and Timeline
Business Impact
Onapsis Advanced Threat Intelligence
Targeted Industries
Threat Actor Attribution
Recommendations
Resources
Technical Insights
- Vulnerability Overview
- Exploitation Method
- Observed Tactics, Techniques, and Procedures (TTPs)
- Indicators of Compromise (IOCs)
- Detection Methods

This threat advisory is a standalone resource meant to support your incident response and patch prioritization workflows. For real-time updates and ongoing analysis, refer to our continuously updated blog post.

Download the threat advisory by completing the form.

Securing SAP in the Cloud: Best Practices to RISE Above for Enterprise Success

May 13, 2025/in Podcasts/by Luciana Tabo

Discover key insights, gain actionable advice, and empower your organization to navigate the cloud securely during this conversation with industry experts from Onapsis and Capgemini.

Join us for an educational conversation where we delve into the world of SAP security in the cloud. As enterprises increasingly migrate their SAP systems to the cloud, it becomes imperative to address the unique security challenges that arise in this new landscape. In this thought leadership session, our experts will share best practices, solutions and practical strategies for securing SAP in the cloud, including an update on the SAP threat landscape, the Shared Fate & Responsibility Model for SAP applications and best practices to ensure the integrity, confidentiality, and availability of critical business data. Discover key insights, gain actionable advice, and empower your organization to navigate the cloud securely while harnessing the full potential of SAP.

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

May 13, 2025/in Podcasts/by Luciana Tabo

Active exploitation against a zero-day vulnerability in SAP systems in the wild.

Evidence of active attacks against this vulnerability has been observed by ReliaQuest, Onapsis Threat Intelligence, and confirmed by multiple IR firms in recent active investigations.

SAP published an emergency security patch on April 24, 2025 to address this issue. The vulnerability is of critical severity (CVSS 10), and affects the SAP Visual Composer component of SAP Java systems, which is not enabled by default.

Critical Exploit Details:

Unauthenticated threat actors can exploit CVE-2025-31324.
Attackers can gain full control of vulnerable SAP systems.
Risks include unrestricted access to SAP business data and processes, ransomware deployment, and lateral movement.
Continued exploitation is expected against vulnerable internet-facing SAP Java systems.

Onapsis and Mandiant: Latest Intelligence on Critical SAP Zero-Day Vulnerability (CVE-2025-31324)

May 13, 2025/in Podcasts/by Luciana Tabo

SAP defenders were briefed on an active exploitation campaign targeting a critical CVSS 10.0 vulnerability (CVE-2025-31324). The attack campaign was executed against SAP systems around the world. Thanks to rapid response from SAP, a security patch was released quickly. However, the ongoing impact of this orchestrated attack campaign remains far-reaching and the threat of further potential exploitation of this vulnerability is still very much active.

Onapsis and Mandiant: Latest Intelligence on Critical SAP Zero-Day Vulnerability (CVE-2025-31324)

May 7, 2025/in Webinars/by Luciana Tabo

ON DEMAND

SAP defenders were briefed on an active exploitation campaign targeting a critical CVSS 10.0 vulnerability (CVE-2025-31324). The attack campaign was executed against SAP systems around the world. Thanks to rapid response from SAP, a security patch was released quickly. However, the ongoing impact of this orchestrated attack campaign remains far-reaching and the threat of further potential exploitation of this vulnerability is still very much active.

Onapsis in collaboration with Mandiant (part of Google Cloud) invites you to a webinar to discuss the current state of the attack campaign for CVE-2025-31324, including

Details on the attack campaign
Further details on the vulnerability, its indicators of compromise, and remediation strategies
New insights from ongoing research and incident response investigations by the Onapsis Research Labs and Mandiant
How to best protect your critical SAP assets and your organization.

In the meantime, you can also view our detailed blog around this collaboration to assist defenders with this SAP zero-day.

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing SAP Business Technology Platform (BTP)

The Book on Cybersecurity for SAP

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

Your S/4HANA Cloud Journey

SAP a l’heure du Cloud : Comprendre et appliquer le modèle de responsabilité partagée

Onapsis SAP Defenders Community Meet-up - June 2025

SAP Cybersecurity Q&A with Authors Gaurav Singh and Juan Perez-Etchegoyen

Executive Threat Overview: Critical Zero-Day SAP Vulnerabilities Under Active Global Exploitation

Threat Briefing Report: Critical SAP Vulnerabilities (CVE-2025-31324 and CVE-2025-42999) Under Active Mass Exploitation

The threat advisory details:

Securing SAP in the Cloud: Best Practices to RISE Above for Enterprise Success

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

Onapsis and Mandiant: Latest Intelligence on Critical SAP Zero-Day Vulnerability (CVE-2025-31324)

Onapsis and Mandiant: Latest Intelligence on Critical SAP Zero-Day Vulnerability (CVE-2025-31324)