SAP released an out-of-band fix that’s available through its support portal and it should be applied ... to upload arbitrary files to an SAP NetWeaver instance, which means full remote code ...

Two ransomware groups and several Chinese APTs have been exploiting two recent SAP NetWeaver vulnerabilities. At least two ransomware groups and multiple Chinese APTs have been observed targeting two ...

The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004 ...

SAP released 16 new security notes on its May 2025 Security Patch Day, including for another critical NetWeaver vulnerability ...

Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting ...

BianLian, RansomEXX, and others, are jumping the NetWeaver bandwagon In late April, SAP fixed a 10/10 bug in NetWeaver Visual ...

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE ...

SAP fixed CVE-2025-42999, a 9.1/10 vulnerability in NetWeaver This one was chained with CVE-2025-31324, which was fixed in ...

A second wave of cyberattacks is targeting a critical vulnerability in SAP NetWeaver Visual Composer, according to researchers. Following the initial round of threat activity disclosed in April ...

German software company SAP has finally disclosed and fixed a highly critical vulnerability in the NetWeaver Visual Composer development server after evidence of exploitation in the wild. NetWeaver ...

Ivanti patched two flaws being chained to mount RCE attacks A "limited number" of companies were allegedly compromised Only ...