CVE-2025-31329 – SAP NetWeaver Information Disclosure Injection Vulnerability

May 13, 2025

CVE ID : CVE-2025-31329

Published : May 13, 2025, 1:15 a.m. | 1 hour, 49 minutes ago

Description : SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.

Severity: 6.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-43010 – SAP S/4HANA Cloud Private Edition or on Premise ABAP Program Replacement Remote Code Execution Vulnerability

Next Article CVE-2025-43003 – SAP S/4 HANA Configuration Privilege Escalation

Highlights

CVE-2025-49091 – KDE Konsole Remote Code Execution Vulnerability

June 10, 2025

CVE ID : CVE-2025-49091

Published : June 11, 2025, 1:15 a.m. | 35 minutes ago

Description : KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Never Stop Exploring (July 2025 Wallpapers Edition)

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

I never thought I’d praise a kickstand power bank – until I tried this one

I replaced my work PC with this Alienware laptop – now I’m wondering why I hadn’t done this sooner

How to set up Alexa to receive notifications on Prime Day deals you want

How proxy servers actually work, and why they’re so valuable

What’s the difference between named functions and arrow functions in JavaScript?

What’s the difference between named functions and arrow functions in JavaScript?

Spring Boot + Swagger: A Complete Guide to API Documentation

Wire Room Math: AI + SME = (Less Compensation Paid) X (Headline Risk + Payment Errors)^2

Artix Linux: Introduzione di XLibre nelle Build Sperimentali

Artix Linux: Introduzione di XLibre nelle Build Sperimentali

Orange Pi R2S Single Board Computer Running Linux: Introduction

vmstat – reports virtual memory statistics

CVE-2025-31329 – SAP NetWeaver Information Disclosure Injection Vulnerability

⚡ Weekly Recap: Chrome 0-Day, 7.3 Tbps DDoS, MFA Bypass Tricks, Banking Trojan and More

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

Sam Altman Says AI Privacy Concerns Are Real — But Early Regulation Could Hurt Innovation

CVE-2025-4718 – Campcodes Sales and Inventory System SQL Injection

Windows 11 will throttle your CPU when you’re away to boost battery life

CVE-2025-4434 – WordPress Remote Images Grabber Plugin Reflected Cross-Site Scripting Vulnerability

CVE-2025-49091 – KDE Konsole Remote Code Execution Vulnerability

CVE-2025-43864 – React Router Cache Poisoning Vulnerability

CVE-2025-5252 – PHPGurukul News Portal Project SQL Injection Vulnerability

CVE-2025-32301 – LambertGroup CountDown Pro WP Plugin SQL Injection

CVE-2025-31329 – SAP NetWeaver Information Disclosure Injection Vulnerability

Related Posts