On Demand Webinar

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

There is active exploitation against a zero-day vulnerability in SAP systems in the wild. Evidence of active attacks against this vulnerability has been observed by ReliaQuest, Onapsis Threat Intelligence, and confirmed by multiple IR firms in recent active investigations.

SAP published an emergency security patch on April 24, 2025 to address this issue. The vulnerability is of critical severity (CVSS 10), and affects the SAP Visual Composer component of SAP Java systems, which is not enabled by default.

Unauthenticated threat actors can exploit the vulnerability to gain full control of vulnerable SAP systems, including unrestricted access to the SAP business data and processes, deploy ransomware in SAP and move laterally. Given the observed activity and vulnerability characteristics, we expect continued exploitation against vulnerable internet-facing SAP Java systems.

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing Your Future: Preparing for a Successful SAP RISE Transformation

Executive Threat Overview: Reported SAP Cyber Attack Severely Impacts Business Operations, Compromises Data at Global Manufacturer

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

10 Reasons Why More Companies Choose Onapsis

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)