CVE-2025-31324 (CVSS 10): Zero-Day in SAP NetWeaver Exploited in the Wild to Deploy Webshells and C2 Frameworks

April 25, 2025

CVE-2025-31324 (CVSS 10): Zero-Day in SAP NetWeaver Exploited in the Wild to Deploy Webshells and C2 Frameworks

A critical zero-day vulnerability affecting SAP NetWeaver Visual Composer MetadataUploader, now tracked as CVE-2025-31324, is being actively exploited in the wild to compromise enterprise and governme …

Published Date:
Apr 25, 2025 (5 hours, 44 minutes ago)

Vulnerabilities has been mentioned in this article.

Source: Read More

Previous ArticleLazarus APT Attacking Organizations by Exploiting One-Day vulnerabilities

Next Article Microsoft’s Patch for Symlink Exploit Introduces New Windows Update DoS Flaw

Highlights

CVE-2025-55285 – Backstage Plugin Scaffolder Backend Information Disclosure

August 15, 2025

CVE ID : CVE-2025-55285

Published : Aug. 15, 2025, 6:15 p.m. | 7 hours, 6 minutes ago

Description : @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed through to fetch:template there is no impact. This issue has been resolved in 2.1.1 of the scaffolder-backend plugin. A workaround for this issue involves Template Authors removing the use of ${{ secrets }} being used as an argument to fetch:template.

Severity: 2.6 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2025-31324 (CVSS 10): Zero-Day in SAP NetWeaver Exploited in the Wild to Deploy Webshells and C2 Frameworks

CVE-2025-31324 (CVSS 10): Zero-Day in SAP NetWeaver Exploited in the Wild to Deploy Webshells and C2 Frameworks

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

VL-Cogito: Advancing Multimodal Reasoning with Progressive Curriculum Reinforcement Learning

My 4 favorite Linux distros for streaming – and why choosing the right one makes a huge difference

Xbox’s Age of Empires 2: Definitive Edition is getting The Three Kingdoms DLC, bringing new units, campaigns, and more

“It Makes Me Uneasy” — OpenAI’s Sam Altman Responds to Backlash After GPT-5 Wipes Out Virtual Companions

CVE-2025-55285 – Backstage Plugin Scaffolder Backend Information Disclosure

CVE-2025-42992 – SAPCAR Privilege Escalation Vulnerability

CVE-2025-9168 – SolidInvoice Cross-Site Scripting Vulnerability

Want better AI images? I tried Midjourney 7 and it blew me away – here’s why

CVE-2025-31324 (CVSS 10): Zero-Day in SAP NetWeaver Exploited in the Wild to Deploy Webshells and C2 Frameworks

CVE-2025-31324 (CVSS 10): Zero-Day in SAP NetWeaver Exploited in the Wild to Deploy Webshells and C2 Frameworks

Related Posts