cvelistv5 - cve-2025-31324

CVE-2025-31324 (GCVE-0-2025-31324)

Vulnerability from cvelistv5

Published

2025-04-24 16:50

Modified

2026-02-26 18:28

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Summary

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

References

URL

Tags

	https://me.sap.com/notes/3594142
	https://url.sap/sapsecuritypatchday

Impacted products

	Vendor	Product	Version
	SAP_SE	SAP NetWeaver (Visual Composer development server)	Version: VCFRAMEWORK 7.50

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-04-29

Due date: 2025-05-20

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Known

Notes: https://me.sap.com/notes/3594142 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31324

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-31324",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T03:56:21.966706Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-04-29",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31324"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:05.363Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "technical-description"
            ],
            "url": "https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31324"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-04-29T00:00:00.000Z",
            "value": "CVE-2025-31324 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-02T17:13:30.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.theregister.com/2025/04/25/sap_netweaver_patch/"
          },
          {
            "url": "https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/"
          },
          {
            "url": "https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP NetWeaver (Visual Composer development server)",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "VCFRAMEWORK 7.50"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.\u003c/p\u003e"
            }
          ],
          "value": "SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-24T16:50:27.706Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://me.sap.com/notes/3594142"
        },
        {
          "url": "https://url.sap/sapsecuritypatchday"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing Authorization check in SAP NetWeaver (Visual Composer development server)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2025-31324",
    "datePublished": "2025-04-24T16:50:27.706Z",
    "dateReserved": "2025-03-27T23:02:06.906Z",
    "dateUpdated": "2026-02-26T18:28:05.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-31324",
      "cwes": "[\"CWE-434\"]",
      "dateAdded": "2025-04-29",
      "dueDate": "2025-05-20",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://me.sap.com/notes/3594142 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31324",
      "product": "NetWeaver",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.",
      "vendorProject": "SAP",
      "vulnerabilityName": "SAP NetWeaver Unrestricted File Upload Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.theregister.com/2025/04/25/sap_netweaver_patch/\"}, {\"url\": \"https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/\"}, {\"url\": \"https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-02T17:13:30.650Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-31324\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-30T03:56:21.966706Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-04-29\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31324\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-29T00:00:00.000Z\", \"value\": \"CVE-2025-31324 added to CISA KEV\"}], \"references\": [{\"url\": \"https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/\", \"tags\": [\"technical-description\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31324\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-24T17:44:44.252Z\"}}], \"cna\": {\"title\": \"Missing Authorization check in SAP NetWeaver (Visual Composer development server)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP_SE\", \"product\": \"SAP NetWeaver (Visual Composer development server)\", \"versions\": [{\"status\": \"affected\", \"version\": \"VCFRAMEWORK 7.50\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://me.sap.com/notes/3594142\"}, {\"url\": \"https://url.sap/sapsecuritypatchday\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eSAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"eng\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434: Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2025-04-24T16:50:27.706Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-31324\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:55:17.980Z\", \"dateReserved\": \"2025-03-27T23:02:06.906Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2025-04-24T16:50:27.706Z\", \"assignerShortName\": \"sap\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-ALE-005

Vulnerability from certfr_alerte

Le 24 avril 2025, SAP a publié un bulletin de sécurité relatif à la vulnérabilité CVE-2025-31324 qui permet l'exécution de code arbitraire à distance pour un utilisateur non authentifié. Cette vulnérabilité est provoquée par un contournement de la politique de sécurité qui permet de télécharger des fichiers arbitraires et potentiellement exécutables sur le serveur. Elle impacte le composant Visual Composer development server, non installé par défaut mais fréquemment utilisé.

Le CERT-FR a connaissance de plusieurs compromissions liées à cette vulnérabilité.

L'accès aux détails complets concernant cette vulnérabilité ([1] [2]) nécessite un compte utilisateur pour le support SAP. Le bulletin de sécurité du 8 avril 2025 a été mis à jour pour indiquer cette nouvelle vulnérabilité sans faire mention de son exploitation active.

Identification du composant vulnérable

Il est possible de vérifier que le composant vulnérable Visual Composer development server est activé au travers de l'URL http://hote:port/nwa/sysinfo et de chercher la présence du composant VISUAL COMPOSER FRAMEWORK (VCFRAMEWORK.SCA ou VCFRAMEWORK). Si la ligne indique NO, le composant n'est pas installé.

Solutions

Avant d'appliquer le correctif de sécurité, il est nécessaire de vérifier qu'aucun fichier avec l'extension jsp, java ou class n'est présent dans les dossiers suivants : * C:\usr\sap\<SID>\<InstanceID>\j2ee\cluster\apps\sap.com\irj\servlet_jsp\irj\root * C:\usr\sap\<SID>\<InstanceID>\j2ee\cluster\apps\sap.com\irj\servlet_jsp\irj\work * C:\usr\sap\<SID>\<InstanceID>\j2ee\cluster\apps\sap.com\irj\servlet_jsp\irj\work\sync

De plus, il est nécessaire de vérifier dans les journaux du serveur web : * des accès à l'URL /developmentserver/metadatauploader via une requête POST avec un code HTTP 200 sans authentification ; * des accès aux URL de la forme /irj/helper.jsp, /irj/cache.jsp ou /irj/\w{8}.jsp[3].

Enfin il est possible de consulter [4] pour d'autres indicateurs de compromission. Note : Ces indicateurs n'ont pas été qualifiés par le CERT-FR.

Si des fichiers malveillants ou des journaux suspects sont présents : * signaler l’événement auprès du CERT-FR en mettant en copie vos éventuels CSIRTs métier et consulter les bons réflexes en cas d'intrusion sur votre système d'information [5] ; * isoler totalement la machine concernée du réseau, vis-à-vis d'Internet comme du réseau interne, afin de limiter les risques de latéralisation ; * en cas d'utilisation d'une appliance virtuelle, réaliser un instantané du système de fichier et de la mémoire vive ; * si possible, éviter d'éteindre la machine afin de conserver les traces nécessaires aux investigations ; * mettre sous séquestre les journaux collectés.

Les correctifs pour le composant Visual Composer Framework 7.50 sont listés et disponibles dans le bulletin de sécurité 3594142 de l'éditeur.

Des mesures de contournements sont proposées par l'éditeur [1].

Impacted products

	Vendor	Product	Description
	SAP	NetWeaver	NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité SAP april-2025	2025-04-24	vendor-advisory
Bulletin de sécurité SAP 3594142 version 17	2025-04-24	vendor-advisory
Avis CERT-FR CERTFR-2025-AVI-0350 du 25 avril 2025	-	other
[4] Billet de blogue de Reliaquest relatif à l'exploitation de la vulnérabilité CVE-2025-31324	-	other
[5] Les bons réflexes en cas d’intrusion sur un système d’information	-	other
[3] Billet de blogue Rapid7 du 28 avril relatif à la vulnérabilité CVE-2025-31324	-	other
[1] Bulletin de sécurité SAP 3593336 version 5 du 28/04/2025 relatif aux mesures de contournement	-	other
[2] FAQ sur l'exploitation de la vulnérabilité CVE-2025-31324	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2025-06-24",
  "content": "## Identification du composant vuln\u00e9rable \n\nIl est possible de v\u00e9rifier que le composant vuln\u00e9rable Visual Composer development server est activ\u00e9 au travers de l\u0027URL `http://hote:port/nwa/sysinfo` et de chercher la pr\u00e9sence du composant  `VISUAL COMPOSER FRAMEWORK` (`VCFRAMEWORK.SCA` ou `VCFRAMEWORK`). Si la ligne indique `NO`, le composant n\u0027est pas install\u00e9.\n\n## Solutions\n\nAvant d\u0027appliquer le correctif de s\u00e9curit\u00e9, il est n\u00e9cessaire de v\u00e9rifier qu\u0027aucun fichier avec l\u0027extension `jsp`,  `java` ou `class` n\u0027est pr\u00e9sent dans les dossiers suivants :\n* `C:\\usr\\sap\\\u003cSID\u003e\\\u003cInstanceID\u003e\\j2ee\\cluster\\apps\\sap.com\\irj\\servlet_jsp\\irj\\root`\n* `C:\\usr\\sap\\\u003cSID\u003e\\\u003cInstanceID\u003e\\j2ee\\cluster\\apps\\sap.com\\irj\\servlet_jsp\\irj\\work`\n* `C:\\usr\\sap\\\u003cSID\u003e\\\u003cInstanceID\u003e\\j2ee\\cluster\\apps\\sap.com\\irj\\servlet_jsp\\irj\\work\\sync`\n\nDe plus, il est n\u00e9cessaire de v\u00e9rifier dans les journaux du serveur web : \n* des acc\u00e8s \u00e0 l\u0027URL `/developmentserver/metadatauploader` via une requ\u00eate POST avec un code HTTP 200 sans authentification ;\n* des acc\u00e8s aux URL de la forme `/irj/helper.jsp`, `/irj/cache.jsp` ou `/irj/\\w{8}.jsp`[3].\n\nEnfin il est possible de consulter [4] pour d\u0027autres indicateurs de compromission. *Note : Ces indicateurs n\u0027ont pas \u00e9t\u00e9 qualifi\u00e9s par le CERT-FR.*\n\u003cbr\u003e\u003c/br\u003e\nSi des fichiers malveillants ou des journaux suspects sont pr\u00e9sents : \n* signaler l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR en mettant en copie vos \u00e9ventuels CSIRTs m\u00e9tier et consulter les bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me d\u0027information [5] ;\n* isoler totalement la machine concern\u00e9e du r\u00e9seau, vis-\u00e0-vis d\u0027Internet comme du r\u00e9seau interne, afin de limiter les risques de lat\u00e9ralisation ;\n* en cas d\u0027utilisation d\u0027une appliance virtuelle, r\u00e9aliser un instantan\u00e9 du syst\u00e8me de fichier et de la m\u00e9moire vive ;\n* si possible, \u00e9viter d\u0027\u00e9teindre la machine afin de conserver les traces n\u00e9cessaires aux investigations ;\n* mettre sous s\u00e9questre les journaux collect\u00e9s.\n\nLes correctifs pour le composant Visual Composer Framework 7.50 sont list\u00e9s et disponibles dans le bulletin de s\u00e9curit\u00e9 3594142 de l\u0027\u00e9diteur. \n\nDes mesures de contournements sont propos\u00e9es par l\u0027\u00e9diteur [1]. ",
  "cves": [
    {
      "name": "CVE-2025-31324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31324"
    }
  ],
  "initial_release_date": "2025-04-28T00:00:00",
  "last_revision_date": "2025-06-24T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0350 du 25 avril 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0350/"
    },
    {
      "title": "[4] Billet de blogue de Reliaquest relatif \u00e0 l\u0027exploitation de la vuln\u00e9rabilit\u00e9  CVE-2025-31324",
      "url": "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/"
    },
    {
      "title": "[5] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": " https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/ "
    },
    {
      "title": "[3] Billet de blogue Rapid7 du 28 avril relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2025-31324",
      "url": "https://www.rapid7.com/blog/post/2025/04/28/etr-active-exploitation-of-sap-netweaver-visual-composer-cve-2025-31324/"
    },
    {
      "title": "[1] Bulletin de s\u00e9curit\u00e9 SAP 3593336 version 5 du 28/04/2025 relatif aux mesures de contournement",
      "url": "https://me.sap.com/notes/3593336"
    },
    {
      "title": "[2] FAQ sur l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-31324",
      "url": " https://me.sap.com/notes/3596125"
    }
  ],
  "reference": "CERTFR-2025-ALE-005",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-28T00:00:00.000000"
    },
    {
      "description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2025-06-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Le 24 avril 2025, SAP a publi\u00e9 un bulletin de s\u00e9curit\u00e9 relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2025-31324 qui permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance pour un utilisateur non authentifi\u00e9. Cette vuln\u00e9rabilit\u00e9 est provoqu\u00e9e par un contournement de la politique de s\u00e9curit\u00e9 qui permet de t\u00e9l\u00e9charger des fichiers arbitraires et potentiellement ex\u00e9cutables sur le serveur. Elle impacte le composant *Visual Composer development server*, non install\u00e9 par d\u00e9faut mais fr\u00e9quemment utilis\u00e9.\n\nLe CERT-FR a connaissance de plusieurs compromissions li\u00e9es \u00e0 cette vuln\u00e9rabilit\u00e9. \n\n\nL\u0027acc\u00e8s aux d\u00e9tails complets concernant cette vuln\u00e9rabilit\u00e9 ([1] [2]) n\u00e9cessite un compte utilisateur pour le support SAP. Le bulletin de s\u00e9curit\u00e9 du 8 avril 2025 a \u00e9t\u00e9 mis \u00e0 jour pour indiquer cette nouvelle vuln\u00e9rabilit\u00e9 sans faire mention de son exploitation active.",
  "title": "Vuln\u00e9rabilit\u00e9 dans SAP NetWeaver",
  "vendor_advisories": [
    {
      "published_at": "2025-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 SAP april-2025",
      "url": " https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html "
    },
    {
      "published_at": "2025-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 SAP 3594142 version 17",
      "url": "https://me.sap.com/notes/3594142"
    }
  ]
}

CERTFR-2025-AVI-0285

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que la vulnérabilité CVE-2025-31324 est activement exploitée.

Impacted products

Vendor	Product	Description
SAP	S/4HANA (Private Cloud)	S/4HANA (Learning Solution) versions S4HCMGXX 100 et 101 sans le dernier correctif de sécurité
SAP	NetWeaver Application Server pour ABAP	NetWeaver Application Server ABAP (applications based on GUI for HTML) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.14 sans le dernier correctif de sécurité
SAP	SAP BusinessObjects Business Intelligence	BusinessObjects Business Intelligence platform (Central Management Console) versions ENTERPRISE 430 et 2025 sans le dernier correctif de sécurité
SAP	NetWeaver Application Server pour ABAP	NetWeaver Application Server ABAP (Virus Scan Interface) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité
SAP	NetWeaver et ABAP	NetWeaver et ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de sécurité
SAP	NetWeaver Application Server pour ABAP	NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité
SAP	S4CORE entity	S4CORE entity versions S4CORE 107 et 108 sans le dernier correctif de sécurité
SAP	Commerce Cloud	Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité
SAP	ERP BW Business Content	ERP BW Business Content versions BI_CONT 707, 737, 747 et 757 sans le dernier correctif de sécurité
SAP	Commerce Cloud	Commerce Cloud (Public Cloud) version COM_CLOUD 2211 sans le dernier correctif de sécurité
SAP	N/A	Field Logistics versions S4CORE 107 et 108 sans le dernier correctif
SAP	NetWeaver Application Server pour ABAP	NetWeaver Application Server ABAP versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 et 7.93 sans le dernier correctif de sécurité
SAP	NetWeaver et ABAP	NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de sécurité
SAP	NetWeaver et ABAP	NetWeaver et ABAP Platform (Application Server ABAP) versions KRNL64UC 7.53, KERNEL 7.53 et 7.54 sans le dernier correctif de sécurité
SAP	Solution Manager	Solution Manager versions ST 720, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 914 sans le dernier correctif de sécurité
SAP	Capital Yield Tax Management	Capital Yield Tax Management versions CYTERP 420_700, CYT 800, IBS 7.0 et CYT4HANA 100 sans le dernier correctif de sécurité
SAP	SAP BusinessObjects Business Intelligence	BusinessObjects Business Intelligence Platform version ENTERPRISE 430 sans le dernier correctif de sécurité
SAP	S/4HANA (Private Cloud)	S/4HANA (Private Cloud) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité
SAP	CRM	CRM et S/4HANA (Interaction Center) versions S4CRM 100, 200, 204, 205, 206, S4FND 102, 103, 104, 105, 106, 107, 108, S4CEXT 107, 108, BBPCRM 701, 702, 712, 713, 714, WEBCUIF 701, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de sécurité
SAP	KMC WPC	KMC WPC version KMC-WPC 7.50 sans le dernier correctif de sécurité
SAP	Landscape Transformation	Landscape Transformation (Analysis Platform) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730 et 2011_1_731 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité SAP april-2025	2025-04-08	vendor-advisory
FAQ sur l'exploitation de la vulnérabilité CVE-2025-31324	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "S/4HANA (Learning Solution) versions S4HCMGXX 100 et 101 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "S/4HANA (Private Cloud)",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server ABAP (applications based on GUI for HTML) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.14 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BusinessObjects Business Intelligence platform (Central Management Console) versions ENTERPRISE 430 et 2025 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "SAP BusinessObjects Business Intelligence",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server ABAP (Virus Scan Interface) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver et ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver et ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S4CORE entity versions S4CORE 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "S4CORE entity",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Commerce Cloud",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "ERP BW Business Content versions BI_CONT 707, 737, 747 et 757 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "ERP BW Business Content",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce Cloud (Public Cloud) version COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9\n",
      "product": {
        "name": "Commerce Cloud",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Field Logistics versions S4CORE 107 et 108 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server ABAP versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 et 7.93 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver et ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver et ABAP Platform (Application Server ABAP) versions KRNL64UC 7.53, KERNEL 7.53 et 7.54 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver et ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Solution Manager versions ST 720, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 914 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Solution Manager",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Capital Yield Tax Management versions CYTERP 420_700, CYT 800, IBS 7.0 et CYT4HANA 100 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Capital Yield Tax Management",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BusinessObjects Business Intelligence Platform version ENTERPRISE 430 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "SAP BusinessObjects Business Intelligence",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA (Private Cloud) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "S/4HANA (Private Cloud)",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "CRM et S/4HANA (Interaction Center) versions S4CRM 100, 200, 204, 205, 206, S4FND 102, 103, 104, 105, 106, 107, 108, S4CEXT 107, 108, BBPCRM 701, 702, 712, 713, 714, WEBCUIF 701, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "CRM",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "KMC WPC version KMC-WPC 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "KMC WPC",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Landscape Transformation (Analysis Platform) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730 et 2011_1_731 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Landscape Transformation",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que la vuln\u00e9rabilit\u00e9 CVE-2025-31324 est activement exploit\u00e9e.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-30015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30015"
    },
    {
      "name": "CVE-2025-31333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31333"
    },
    {
      "name": "CVE-2025-27429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27429"
    },
    {
      "name": "CVE-2025-27428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27428"
    },
    {
      "name": "CVE-2025-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0064"
    },
    {
      "name": "CVE-2025-23186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23186"
    },
    {
      "name": "CVE-2025-27435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27435"
    },
    {
      "name": "CVE-2025-26654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26654"
    },
    {
      "name": "CVE-2025-26653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26653"
    },
    {
      "name": "CVE-2025-31324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31324"
    },
    {
      "name": "CVE-2025-30014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30014"
    },
    {
      "name": "CVE-2024-56337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
    },
    {
      "name": "CVE-2025-27437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27437"
    },
    {
      "name": "CVE-2025-30016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30016"
    },
    {
      "name": "CVE-2025-31332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31332"
    },
    {
      "name": "CVE-2025-26657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26657"
    },
    {
      "name": "CVE-2025-31328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31328"
    },
    {
      "name": "CVE-2025-30013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30013"
    },
    {
      "name": "CVE-2025-30017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30017"
    },
    {
      "name": "CVE-2025-27430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27430"
    },
    {
      "name": "CVE-2025-31331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31331"
    },
    {
      "name": "CVE-2025-31330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31330"
    },
    {
      "name": "CVE-2025-31327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31327"
    }
  ],
  "initial_release_date": "2025-04-08T00:00:00",
  "last_revision_date": "2025-04-25T00:00:00",
  "links": [
    {
      "title": "FAQ sur l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-31324",
      "url": "https://me.sap.com/notes/3596125"
    }
  ],
  "reference": "CERTFR-2025-AVI-0285",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-08T00:00:00.000000"
    },
    {
      "description": "Ajout des vuln\u00e9rabilit\u00e9s CVE-2025-31324, CVE-2025-31328 et CVE-2025-31327",
      "revision_date": "2025-04-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 SAP april-2025",
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html"
    }
  ]
}

CERTFR-2025-AVI-0396

Vulnerability from certfr_avis

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
SAP	S/4HANA	S/4HANA HCM Portugal and SAP ERP HCM Portugal versions S4HCMCPT 100, 101, SAP_HRCPT 600, 604 et 608
SAP	N/A	Service Parts Management (SPM) versions SAP_APPL 600, 602, 603, 604, 605, 606, 616, 617, 618, SAPSCORE 111, S4CORE 100, 101 et 102
SAP	NetWeaver	NetWeaver (Visual Composer development server) version VCFRAMEWORK 7.50
SAP	N/A	Supplier Relationship Management (Master Data Management Catalog) version SRM_MDM_CAT 7.52
SAP	Business Objects Business Intelligence Platform	BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 2025
SAP	N/A	Business Objects Business Intelligence Platform (PMW) versions ENTERPRISE 430, 2025 et 2027
SAP	NetWeaver Application Server ABAP et ABAP Platform	NetWeaver Application Server ABAP et ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758
SAP	N/A	Data Services Management Console version SBOP DS JOB SERVER 4.3
SAP	N/A	Digital Manufacturing (Production Operator Dashboard) version CTNR-DME-PODFOUNDATION-MS 1.0
SAP	N/A	Fiori for SAP ERP versions SAP_GWFND 740, 750, 751, 752, 753, 754, 755, 756, 757 et 758
SAP	S/4HANA	S4/HANA (OData meta-data property) versions S4CORE 102, 103, 104, 105 et 106
SAP	S/4HANA	S/4HANA (Private Cloud & On-Premise) versions S4CRM 204, 205, 206, S4CEXT 107, 108, BBPCRM 702, 712, 713, 714
SAP	S/4HANA	S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) versions S4CORE 102, 103, 104, 105, 106, 107, 108, SCM_BASIS 700, 701, 702, 712, 713 et 714
SAP	N/A	Gateway Client versions SAP_GWFND 752, 753, 754, 755, 756, 757 et 758
SAP	N/A	Supplier Relationship Management (Live Auction Cockpit) version SRM_SERVER 7.14
SAP	N/A	Service Parts Management (SPM) versions SAP_APPL 617, 618, SAPSCORE 116, S4CORE 100, 101, 102 et 103
SAP	N/A	PDCE versions S4CORE 102, 103, S4COREOP 104, 105, 106, 107 et 108
SAP	N/A	Landscape Transformation (PCL Basis) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752, 2020, S4CORE 102, 103, 104, 105, 106, 107 et 108
SAP	N/A	GUI for Windows version BC-FES-GUI 8.00

References

Title

Publication Time

Tags

Bulletin de sécurité SAP may-2025

2025-05-13

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "S/4HANA HCM Portugal and SAP ERP HCM Portugal versions S4HCMCPT 100, 101, SAP_HRCPT 600, 604 et 608",
      "product": {
        "name": "S/4HANA",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Service Parts Management (SPM) versions SAP_APPL 600, 602, 603, 604, 605, 606, 616, 617, 618, SAPSCORE 111, S4CORE 100, 101 et 102",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver (Visual Composer development server) version VCFRAMEWORK 7.50",
      "product": {
        "name": "NetWeaver",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Supplier Relationship Management (Master Data Management Catalog) version SRM_MDM_CAT 7.52",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 2025",
      "product": {
        "name": "Business Objects Business Intelligence Platform",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business Objects Business Intelligence Platform (PMW) versions ENTERPRISE 430, 2025 et 2027",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server ABAP et ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758",
      "product": {
        "name": "NetWeaver Application Server ABAP et ABAP Platform",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Data Services Management Console version SBOP DS JOB SERVER 4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Digital Manufacturing (Production Operator Dashboard) version CTNR-DME-PODFOUNDATION-MS 1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori for SAP ERP versions SAP_GWFND 740, 750, 751, 752, 753, 754, 755, 756, 757 et 758",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S4/HANA (OData meta-data property) versions S4CORE 102, 103, 104, 105 et 106",
      "product": {
        "name": "S/4HANA",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA (Private Cloud \u0026 On-Premise) versions S4CRM 204, 205, 206, S4CEXT 107, 108, BBPCRM 702, 712, 713, 714",
      "product": {
        "name": "S/4HANA",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) versions S4CORE 102, 103, 104, 105, 106, 107, 108, SCM_BASIS 700, 701, 702, 712, 713 et 714",
      "product": {
        "name": "S/4HANA",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Gateway Client versions SAP_GWFND 752, 753, 754, 755, 756, 757 et 758",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Supplier Relationship Management (Live Auction Cockpit) version SRM_SERVER 7.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Service Parts Management (SPM) versions SAP_APPL 617, 618, SAPSCORE 116, S4CORE 100, 101, 102 et 103",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "PDCE versions S4CORE 102, 103, S4COREOP 104, 105, 106, 107 et 108",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Landscape Transformation (PCL Basis) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752, 2020, S4CORE 102, 103, 104, 105, 106, 107 et 108",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "GUI for Windows version BC-FES-GUI 8.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-43003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43003"
    },
    {
      "name": "CVE-2025-43007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43007"
    },
    {
      "name": "CVE-2025-23191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23191"
    },
    {
      "name": "CVE-2025-42999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42999"
    },
    {
      "name": "CVE-2025-43009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43009"
    },
    {
      "name": "CVE-2025-43011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43011"
    },
    {
      "name": "CVE-2025-43006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43006"
    },
    {
      "name": "CVE-2025-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0060"
    },
    {
      "name": "CVE-2025-30012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30012"
    },
    {
      "name": "CVE-2025-43000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43000"
    },
    {
      "name": "CVE-2025-43004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43004"
    },
    {
      "name": "CVE-2025-31324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31324"
    },
    {
      "name": "CVE-2025-43005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43005"
    },
    {
      "name": "CVE-2025-43008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43008"
    },
    {
      "name": "CVE-2025-31329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31329"
    },
    {
      "name": "CVE-2025-30009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30009"
    },
    {
      "name": "CVE-2025-30011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30011"
    },
    {
      "name": "CVE-2025-43002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43002"
    },
    {
      "name": "CVE-2025-26662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26662"
    },
    {
      "name": "CVE-2025-30010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30010"
    },
    {
      "name": "CVE-2025-42997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42997"
    },
    {
      "name": "CVE-2025-0061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0061"
    },
    {
      "name": "CVE-2025-43010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43010"
    },
    {
      "name": "CVE-2024-39592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39592"
    },
    {
      "name": "CVE-2025-30018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30018"
    }
  ],
  "initial_release_date": "2025-05-13T00:00:00",
  "last_revision_date": "2025-06-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0396",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-13T00:00:00.000000"
    },
    {
      "description": "Ajout des identifiants CVE CVE-2025-0060, CVE-2025-0061 et CVE-2025-23191",
      "revision_date": "2025-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 SAP may-2025",
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2025.html"
    }
  ]
}

CERTFR-2025-AVI-0350

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans SAP NetWeaver. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que la vulnérabilité CVE-2025-31324 est activement exploitée.

Cette information est disponible sur la foire aux questions relative à cette vulnérabilité [1]. L'accès à ce lien nécessite un compte utilisateur pour le support SAP.

Cette vulnérabilité, ajoutée au bulletin de sécurité SAP du 08 avril 2025, nécessite un correctif disponible depuis le 22 avril 2025. La mise à jour du 08 avril 2025 ne semble donc pas couvrir cette vulnérabilité.

Impacted products

	Vendor	Product	Description
	SAP	N/A	NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité SAP april-2025	2025-04-08	vendor-advisory
[1] FAQ sur l'exploitation de la vulnérabilité CVE-2025-31324	-	other
Avis CERTFR-2025-AVI-0285 du 08 avril 2025	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que la vuln\u00e9rabilit\u00e9 CVE-2025-31324 est activement exploit\u00e9e. \n\nCette information est disponible sur la foire aux questions relative \u00e0 cette vuln\u00e9rabilit\u00e9  [1]. L\u0027acc\u00e8s \u00e0 ce lien n\u00e9cessite un compte utilisateur pour le support SAP. \n\nCette vuln\u00e9rabilit\u00e9, ajout\u00e9e au bulletin de s\u00e9curit\u00e9 SAP du 08 avril 2025, n\u00e9cessite un correctif disponible depuis le 22 avril 2025. La mise \u00e0 jour du 08 avril 2025 ne semble donc pas couvrir cette vuln\u00e9rabilit\u00e9.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-31324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31324"
    }
  ],
  "initial_release_date": "2025-04-25T00:00:00",
  "last_revision_date": "2025-05-19T00:00:00",
  "links": [
    {
      "title": "[1] FAQ sur l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-31324",
      "url": "https://me.sap.com/notes/3596125"
    },
    {
      "title": "Avis CERTFR-2025-AVI-0285 du 08 avril 2025",
      "url": "https://cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0285/"
    }
  ],
  "reference": "CERTFR-2025-AVI-0350",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-25T00:00:00.000000"
    },
    {
      "description": "Correction dune r\u00e9p\u00e9tition dans la source.",
      "revision_date": "2025-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SAP NetWeaver. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans SAP NetWeaver",
  "vendor_advisories": [
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 SAP april-2025",
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-31324 (GCVE-0-2025-31324)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2025-ALE-005

Vulnerability from certfr_alerte

Identification du composant vulnérable

Solutions

CERTFR-2025-AVI-0285

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0396

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0350

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature