SAP security updated its April 2025 Security Patch Day bulletin to address a Critical, 0-day, exploited vulnerability in SAP NetWeaver. SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system.

For a complete description of the vulnerabilities and affected systems, go to CVE-2025-31324 Detail.

IT Security

Read more about IT Security service offerings.