Unauthenticated file upload in SAP NetWeaver enabling webshell deployment. Mass exploitation within 24h of PoC release.
| CVE ID | CVE-2025-31324 |
| Vendor | SAP |
| Affected Product | NetWeaver |
| Vulnerability Type | File Upload / RCE |
| CVSS Score | 10.0 (CRITICAL) |
| Actively Exploited | ✅ Yes — CISA KEV Listed |
| Patch Available | SAP Note 3594142 |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence |
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.