Threat Brief: CVE-2025-31324

216.73.216.6

Threat Brief: CVE-2025-31324

· Published 12/05/2025 07:05 · Modified 12/05/2025 07:17

Essential information

Published: 12/05/2025 07:05
Modified: 12/05/2025 07:17
Tags: 2025-05-12 alliance april attempted get cve202531324 goreverse hosting http ipv4 address sap netweaver sha256 hash suspected web test visual composer
Related entities: 1 vulnerabilities (cve), 44 observables, 1 techniques (mitre)

Description

CVE-2025-31324 is a critical vulnerability residing in the SAP NetWeaver Application Server Java's Visual Composer component (VCFRAMEWORK). While not installed by default, business analysts commonly use this component to create applications without coding, making it widely present in SAP deployments. following the public disclosure of this vulnerability, PaloAlto saw a variety of attacks exploiting this vulnerability and attempting to send different payloads to the server.

External references

https://unit42.paloaltonetworks.com/threat-brief-sap-netweaver-cve-2025-31324/
https://otx.alienvault.com/pulse/68219dbcc29dafb76bee4224