This consolidated threat advisory [TLP:CLEAR] is provided to help defenders assess their exposure to, and possible compromise from, the active mass exploitation of SAP security vulnerabilities CVE-2025-31324 and CVE-2025-42999.
The document includes exclusive threat intelligence developed by Onapsis Research Labs, along with key findings consolidated in collaboration with other trusted cybersecurity organizations.
Please note that this threat campaign is still developing, and the document may be updated frequently (current version: May 15, rev 4.0).
The threat advisory details:
- Executive Summary
- Active Campaign Details and Timeline
- Business Impact
- Onapsis Advanced Threat Intelligence
- Targeted Industries
- Threat Actor Attribution
- Recommendations
- Resources
- Technical Insights
- Vulnerability Overview
- Exploitation Method
- Observed Tactics, Techniques, and Procedures (TTPs)
- Indicators of Compromise (IOCs)
- Detection Methods
This threat advisory is a standalone resource meant to support your incident response and patch prioritization workflows. For real-time updates and ongoing analysis, refer to our continuously updated blog post.