NCSC-2025-0119
PUBLISHED
CVSS 9.8 CRITICAL
SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP CRM.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | | vers:unknown/6.17 |
| | | vers:unknown/6.06 |
| | | vers:unknown/6.03 |
| | | vers:unknown/6.18 |
| | | vers:unknown/6.16 |
| | | vers:unknown/10.0.0.1933 |
| | | vers:unknown/6.05 |
| | | vers:unknown/2.00 |
| | | vers:unknown/10.0 |
| | | vers:unknown/6.04 |
| | | vers:unknown/* |
| | | vers:unknown/8.0 |
| | | vers:unknown/6.0 |
| | | vers:unknown/10.1 |
Exploit Intelligence
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html (circl)
- https://me.sap.com/notes/3594142 (circl)
- https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/ (circl)
- https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/ (circl)
- expl_sap_netweaver_apr25.yar (github-yara)
- SCRIPT.yar (github-yara)
Timeline
- Apr 9, 2025 CVE Published
- Apr 30, 2025 CVE Updated
- Sep 30, 2025 PoC Published
- Feb 4, 2026 PoC Published
References
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html
- https://me.sap.com/notes/3594142
- https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/
- https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/