2025-08-20

Vulnerable SAP NetWeaver instances could be taken over in attacks using an exploit chain published by VX-Underground, which combines the maximum-severity inadequate authorization check flaw, tracked as CVE-2025-31324, with the critical insecure deserialization bug, tracked as CVE-2025-42999, Security Affairs reports.

Both issues reside in the Visual Composer development server component of SAP NetWeaver and could enable arbitrary command execution, leading to remote code execution, webshell deployment, and full compromise of the system together with the SAP business data and processes it hosts, according to an analysis from Onapsis. "The publication of this deserialization gadget is particularly concerning due to the fact that it can be reused in other contexts, such as exploiting the deserialization vulnerabilities that were recently patched by SAP in July, which were discovered and reported by Onapsis," said the firm, which urged immediate patching of the critical SAP NetWeaver vulnerabilities.