{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"SAP NetWeaver Under Siege: New Exploit Chains Threaten Global Enterprises","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/8e5782c6\"></iframe>","width":"100%","height":180,"duration":2693,"description":"SAP NetWeaver, one of the world’s most critical enterprise platforms, is under active attack from both ransomware groups and state-backed hackers. A newly released exploit combines two devastating vulnerabilities—CVE-2025-31324 and CVE-2025-42999—to bypass authentication and execute malicious code with full administrative privileges. With CVSS scores of 10.0 and 9.1, these flaws rank among the most severe ever discovered in SAP systems. Although SAP issued patches earlier this year, dozens of unpatched NetWeaver servers remain exposed, leaving organizations vulnerable to complete compromise. 
The attack chain is straightforward but highly effective: Exploit CVE-2025-31324 (missing authorization check) to upload malicious payloads without authentication. Trigger CVE-2025-42999 (insecure deserialization) to execute the uploaded code at SAP system privilege level. The result: Remote Code Execution (RCE), enabling attackers to hijack business-critical applications, steal sensitive data, alter financial records, or deploy ransomware across entire corporate landscapes. Threat actors exploiting these flaws include: China-linked APTs such as UNC5221, UNC5174, CL-STA-0048, and Earth Lamia, known for espionage and long-term persistence operations. Russian ransomware groups like BianLian, RansomEXX, and Qilin, who are actively monetizing these exploits through extortion and disruption. Security experts warn that the insecure deserialization technique underpinning CVE-2025-42999 could resurface in future SAP vulnerabilities, making this exploit chain part of a broader, evolving threat landscape. The stakes are enormous. Victims already include critical infrastructure sectors: natural gas and water utilities in the UK; oil and gas producers in the U.S.; medical device manufacturers; government ministries in Saudi Arabia. The business consequences range from PII exposure and data corruption to ransomware-driven outages reminiscent of high-profile ERP disruptions in recent years. Indicators of...","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}