SAP Patch Day: NetWeaver vulnerability allows code injection

In March, SAP addresses partly critical security vulnerabilities in various products in 15 advisories. Admins must act.
CSOonline

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.
heise online

SAP Patchday: NetWeaver products are vulnerable to malware attacks

On Patchday in July, SAP developers closed a total of five "critical" security vulnerabilities. In the worst case scenario, malicious code can compromise systems. So far, there are no indications that ...
Bleeping Computer

SAP updates security note for critical RECON vulnerability

SAP today released its security patches for August, alerting of new critical and high-severity vulnerabilities in several of its products, mostly NetWeaver Application Server (AS). The full list ...
Dark Reading

SAP NetWeaver Visual Composer Flaw Under Active Exploitation

Attackers are actively exploiting a recently patched zero-day vulnerability in SAP's NetWeaver Visual Composer Web-based software modeling tool. CVE-2025-31324 is a critical vulnerability with a ...
CSOonline

SAP patches severe vulnerabilities in NetWeaver and Commerce apps

The enterprise software vendor bundled 25 security patches into its March update, addressing flaws that impact middleware, interfaces, custom apps, and more. SAP has patched high-severity ...
CRN

SAP's Agassi Unravels The Meaning Of NetWeaver

A member of the Executive Board of SAP AG, Shai Agassi is the person most responsible for SAP's NetWeaver platform. It was Agassi who first introduced the idea of an application and integration ...