SAP patches second zero-day flaw exploited in recent attacks

Published on: 2025-07-12 00:48:18

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day.

The company issued security updates for this security flaw (CVE-2025-42999) on Monday, May 12, saying it was discovered while investigating zero-day attacks involving another unauthenticated file upload flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer that was fixed in April.

"SAP is aware of and has been addressing vulnerabilities in SAP NETWEAVER Visual Composer," a SAP spokesperson told BleepingComputer. "We ask all customers using SAP NETWEAVER to install these patches to protect themselves. The Security Notes can be found here: 3594142 & 3604119."

ReliaQuest first detected the attacks exploiting CVE-2025-31324 as a zero-day in April, reporting that threat actors were uploading JSP web shells to public directories and the Brute Ratel red team tool after breaching customers' systems through unauthorized file uploads on SAP NetWeave ...