SAP released 16 new security notes on its May 2025 Security Patch Day, including for another critical NetWeaver vulnerability ...

Threat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability.

SAP disclosed a 10/10 flaw in NetWeaver Visual Composer The bug allows threat actors to upload malware Researchers claim up to 1,200 instances are vulnerable More than 1,200 SAP instances are at ...

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.

SAP's latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day. However, we can't say for sure whether that's the case ...

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE ...

Attackers have been exploiting a critical zero-day vulnerability in the Visual Composer component of the SAP NetWeaver application server since early this week. SAP released an out-of-band fix ...

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is ...

SAP has released out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to ...