The Hacker News

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The ...
TechRadar

Watch out - this SAP NetWeaver bug has a maximum severity score, and it could target your ...

SAP patched CVE-2025-42944, a critical flaw allowing unauthenticated OS command execution Two more severe vulnerabilities affect SAP Print Service and Supplier Relationship Management modules ...
搜狐

SAP 警告多个产品存在高危漏洞,NetWeaver 平台现最大严重性 10 分漏洞

SAP 公司警告称,其多个广泛使用的产品中存在超过 24 个新发现的漏洞,其中包括一个最高严重性评级为 10 分的安全漏洞。此前,黑客正在利用 SAP 旗舰企业资源规划(Enterprise Resource Planning, ERP)软件产品中的一个高危漏洞。 SAP 于周二表示,最高严重性漏洞 ...
The Hacker News

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary ...
Ars Technica

SAP warns of high-severity vulnerabilities in multiple products

As hackers exploit a high-severity vulnerability in SAP’s flagship Enterprise Resource Planning software product, the software maker is warning users of more than two dozen newly detected ...
Bleeping Computer

SAP fixes maximum severity NetWeaver command execution flaw

SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. SAP NetWeaver is the foundation for SAP's business ...
Infosecurity-magazine.com

Public Exploit Released for Critical SAP NetWeaver Flaw

A critical vulnerability in SAP NetWeaver AS Java Visual Composer, tracked as CVE-2025-31324, is now being widely exploited following the release of public exploit tooling. The flaw, patched in April ...
aha.org

H-ISAC TLP White Threat Bulletin: Publicly Available Exploit Code Chains Critical SAP ...

On August 15, 2025, exploit code was released that chains two critical vulnerabilities in SAP NetWeaver’s Visual Composer to bypass authentication and achieve remote code execution. The flaws, tracked ...
CSOonline

Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack

Attackers tried chaining the just-patched SAP Netweaver bug with the stealthy Auto-Color Linux RAT for a multi-stage compromise. Threat actors recently tried to exploit a freshly patched max-severity ...
SecurityWeek

Critical Vulnerability Patched in SAP NetWeaver

Enterprise software maker SAP on Tuesday announced the release of 14 new security patches as part of its June 2025 Security Patch Day, including a note addressing a critical-severity vulnerability in ...
heise online

SAP Netweaver gap: Ransomware groups jump on the bandwagon

At the end of April, SAP had to close a critical security gap in Netweaver. Ransomware groups are now also attacking the leak. The critical vulnerability in SAP Netweaver, which prompted SAP to ...