A just-patched vulnerability in SAP’s NetWeaver Visual Composer Web-based software modeling tool is being actively exploited by attackers. The vulnerability, CVE-2025-31324, has a maximum CVSS score of 10 and affects all SAP NetWeaver 7.xx versions. The zero-day allows an unauthenticated remote attacker to upload files with no restrictions. Over 450 Internet exposed instances are vulnerable, discovered by the Shadowserver Foundation. 

Read more: https://www.darkreading.com/cyberattacks-data-breaches/sap-netweaver-visual-composer-flaw-active-exploitation