Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324) Podcast

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

Active exploitation against a zero-day vulnerability in SAP systems in the wild.

Evidence of active attacks against this vulnerability has been observed by ReliaQuest, Onapsis Threat Intelligence, and confirmed by multiple IR firms in recent active investigations.

SAP published an emergency security patch on April 24, 2025 to address this issue. The vulnerability is of critical severity (CVSS 10), and affects the SAP Visual Composer component of SAP Java systems, which is not enabled by default.

Critical Exploit Details:

Unauthenticated threat actors can exploit CVE-2025-31324.
Attackers can gain full control of vulnerable SAP systems.
Risks include unrestricted access to SAP business data and processes, ransomware deployment, and lateral movement.
Continued exploitation is expected against vulnerable internet-facing SAP Java systems.

Back to Podcasts

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing SAP Business Technology Platform (BTP)

The Book on Cybersecurity for SAP

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

Your S/4HANA Cloud Journey

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)