#CVE-2025-31324
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html
May 9, 2025 at 7:06 AM
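Chinese hackers exploit SAP RCE vulnerability CVE-2025-31324, deploy Go-based SuperShell

An unnamed China-linked threat actor called Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver.

Forescout Vedere Labs said in a report published Thursday that it had discovered malicious infrastructure likely associated with a hacking group that has weaponized CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025.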
China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.
thehackernews.com
May 9, 2025 at 11:06 PM
📰 China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
https://thehackernews.com/2025/05/china-linked-apts-exploit-sap-cve-2025.html
May 13, 2025 at 3:51 PM
SAP NetWeaver zero-day allegedly exploited by an initial access broker

A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at risk. Researchers warn that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS sco…

#hackernews #meta #news
A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at risk. Researchers warn that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader stems from a lack […]
securityaffairs.com
April 26, 2025 at 7:20 PM
Hackers Unleash Auto-Color Malware: SAP NetWeaver Exploit Chaos!

Hackers exploit a critical SAP NetWeaver vulnerability, CVE-2025-31324, to deploy Auto-Color malware. Darktrace discovers this during an incident response.
thenimblenerd.com?p=1051680
Hackers are dancing the tango with a critical SAP NetWeaver vulnerability, CVE-2025-31324, deploying Auto-Color Linux malware faster than a cat meme goes viral. Darktrace found the malware now sports advanced evasion tactics, making it sneakier than a ninja in a library. If you're running NetWeaver, update faster than you can say "cyberattack"!
thenimblenerd.com
July 29, 2025 at 4:28 PM
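Hackers have been observed exploiting a critical SAP NetWeaver vulnerability, tracked as CVE-2025-31324, to deploy the Auto-Color Linux malware
If Auto-Color cannot reach its hardcoded C2 server, it suppresses most of its malicious behavior and appears harmless at first glance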

www.bleepingcomputer.com/news/securit...
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company.
www.bleepingcomputer.com
July 31, 2025 at 1:25 AM
The latest update for #IONIX includes "Asset Discovery: A Starting Point, Not a Security Strategy" and "Exploited! #SAP NetWeaver Visual Composer Unauthenticated File-Upload Vulnerability (CVE-2025-31324)".

#cybersecurity #AttackSurfaceManagement https://opsmtrs.com/3TB5mSA
IONIX
IONIX is the only EASM solution that discovers the full extent of your online risk exposure and actively protects your hyper-connected external attack surface.
opsmtrs.com
April 29, 2025 at 3:41 AM
Rapid7 MDR has observed exploitation of SAP NetWeaver Visual Composer CVE-2025-31324 in multiple customer environments dating back to at least late March. Observations and guidance here: www.rapid7.com/blog/post/20...
Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324 | Rapid7 Blog
www.rapid7.com
April 28, 2025 at 12:29 PM
Exploit for SAP vulnerability CVE-2025-31324 published; attackers are actively exploiting the flaw
www.all-about-security.de/exploit-fuer...
Critical SAP vulnerability CVE-2025-31324: What now?
Attention, companies: the vulnerability CVE-2025-31324 is being actively exploited. Learn more about the ShinyHunters exploit.
www.all-about-security.de
September 1, 2025 at 12:06 PM
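More than 1,200 SAP NetWeaver servers are affected by a vulnerability currently being exploited

More than 1,200 internet-exposed SAP NetWeaver instances are vulnerable to a maximum-severity unauthenticated file upload vulnerability that allows attackers to take over servers.

...

Last week, SAP disclosed an unauthenticated file upload vulnerability (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer, specifically in the Metadata Uploader component.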
Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw
Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.
www.bleepingcomputer.com
April 28, 2025 at 11:28 PM
Widespread attacks are exploiting a critical SAP NetWeaver zero-day (CVE-2025-31324), allowing remote code execution and full system compromise. Urgent patching is advised. #CyberSecurity #SAP #ZeroDay #CVE202531324 #Infosec #DataBreach cyberscoop.com/sap-netweave...
SAP zero-day vulnerability under widespread active exploitation
Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability.
cyberscoop.com
April 28, 2025 at 1:20 PM
Top 3 CVE for last 7 days:
CVE-2025-31324: 51 interactions
CVE-2024-31497: 20 interactions
CVE-2025-3928: 20 interactions

Top 3 CVE for yesterday:
CVE-2024-0582: 4 interactions
CVE-2024-58136: 3 interactions
CVE-2025-34028: 3 interactions
May 4, 2025 at 2:22 AM
Guidance for handling CVE-2025-31324 using Microsoft Security capabilities by Shahar Bahat techcommunity.microsoft.com/t5/microsoft...
Guidance for handling CVE-2025-31324 using Microsoft Security capabilities | Microsoft Community Hub
Short Description Recently, a CVSS 10 vulnerability, CVE-2025-31324, affecting the "Visual Composer" component of the SAP NetWeaver application server, has...
techcommunity.microsoft.com
May 6, 2025 at 10:55 AM
Top 3 CVE for last 7 days:
CVE-2025-32433: 47 interactions
CVE-2024-53104: 17 interactions
CVE-2025-0282: 17 interactions

Top 3 CVE for yesterday:
CVE-2025-0282: 6 interactions
CVE-2025-32432: 6 interactions
CVE-2025-31324: 5 interactions
April 27, 2025 at 2:18 AM
Top 3 CVE for last 7 days:
CVE-2025-4427: 57 interactions
CVE-2025-47729: 40 interactions
CVE-2025-4428: 37 interactions

Top 3 CVE for yesterday:
CVE-2024-37361: 4 interactions
CVE-2025-31324: 2 interactions
CVE-2025-3416: 2 interactions
May 19, 2025 at 2:21 AM
Detect CVE-2025-31324 Exploitation by Chinese APT Groups Targeting Critical Infrastructure

A newly revealed SAP NetWeaver critical vulnerability, an unauthenticated file upload flaw that allows RCE and tracked as CVE-2025-31324, is being actively exploited by several China-linked nation-state groups to attack critical infrastructure systems.
buzzleaktv.com
May 16, 2025 at 9:55 AM
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
tech-wire.in
May 9, 2025 at 5:27 AM
A Chinese threat actor that Forescout tracks as Chaya_004 is behind a recent SAP NetWeaver zero-day (CVE-2025-31324)

www.forescout.com/blog/threat-...
Threat Analysis: SAP Vulnerability in the Wild by Chinese Threat Actor
Forescout’s Vedere Labs research and threat hunting team analyzes SAP vulnerability (CVE-2025-31324) in the wild.
www.forescout.com
May 8, 2025 at 7:14 PM
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
thehackernews.com/2025/05/chin...
China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.
thehackernews.com
May 14, 2025 at 12:02 PM
🧐 VulnWatch Wednesday: CVE-2025-31324 🔓

In a new update, ReliaQuest revealed that a highly critical vulnerability in SAP NetWeaver Visual Composer development server was likely exploited by China-linked threat actors, adding new dimensions to the investigation.
May 14, 2025 at 5:01 PM
#UPDATE: Active Exploitation Since March

CVE-2025-31324, a new SAP zero-day, was exploited weeks before disclosure.

Attackers could upload files without authentication, hijack full system access, and plant persistent web shells.

thehackernews.com/2025/04/sap-...
New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework
Threat actors exploit SAP NetWeaver flaw + zero-day suspected + CVE-2025-31324 enables file uploads.
thehackernews.com
April 30, 2025 at 12:20 AM
🚨 CVE-2025-31324 in SAP NetWeaver allows unauth RCE via file upload.

Try with Modat Magnify:
Run → product="SAP NetWeaver"

magnify.modat.io

#ModatMagnify #CVE-2025-31324 #CyberSecurity
Modat Magnify
magnify.modat.io
April 25, 2025 at 1:33 PM
A new exploit combining CVE-2025-31324 and CVE-2025-42999 in SAP NetWeaver allows unauthenticated remote code execution, putting unpatched systems at risk. The vulnerabilities, with CVSS scores of 10.0 and 9.1 respectively, were exploited by ransomware groups and espionage actors since March 2025.
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
thehackernews.com
August 20, 2025 at 10:33 AM