• SAP CyberSecurity
• Videos

Critical SAP Zero-Day Vulnerability Under Active Exploitation

Key Takeaways

⇨ A critical zero-day vulnerability (CVE-2025-31324) in SAP systems has been actively exploited by unauthenticated threat actors, posing severe risks such as full control over vulnerable systems and unrestricted access to sensitive business data.

⇨ SAP has released an emergency security patch (SAP Note 3594142) to address this vulnerability, and organizations are urged to apply it immediately to prevent potential attacks, particularly on internet-facing SAP Java systems.

⇨ For those unable to apply the patch right away, SAP recommends disabling or preventing access to the vulnerable Visual Composer component as an interim measure, with further guidance available in SAP Note 3596125.

Active exploitation of a critical zero-day vulnerability (CVE-2025-31324) in the SAP Visual Composer component allows unauthenticated attackers to gain full control over SAP systems, prompting SAP to release an emergency patch and urging customers to either apply it or disable access to the vulnerable component.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

First Name *

Last Name *

Email *

Phone

Company Name *

Job Title *

City

Country *United States of AmericaAfghanistanAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntarcticaAntigua and BarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelarusBelgiumBelizeBeninBermudaBhutanBolivia (Plurinational State of)Bonaire, Saint Eustatius and SabaBosnia and HerzegovinaBotswanaBouvet IslandBrazilBritish Indian Ocean TerritoryBrunei DarussalamBulgariaBurkina FasoBurundiCabo VerdeCambodiaCameroonCanadaCayman IslandsCentral African RepublicChadChileChinaChristmas IslandCocos (Keeling) IslandsColombiaComorosCongoCongo (Democratic Republic of the)Cook IslandsCosta RicaCroatiaCubaCuraçaoCyprusCzech RepublicCôte d'IvoireDenmarkDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEswatini (Kingdom of)EthiopiaFalkland Islands (Malvinas)Faroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaFrench Southern TerritoriesGabonGambiaGeorgiaGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuernseyGuineaGuinea-BissauGuyanaHaitiHeard Island and McDonald IslandsHondurasHong KongHungaryIcelandIndiaIndonesiaIran (Islamic Republic of)IraqIreland (Republic of)Isle of ManIsraelItalyJamaicaJapanJerseyJordanKazakhstanKenyaKiribatiKorea (Democratic People's Republic of)Korea (Republic of)KosovoKuwaitKyrgyzstanLao People's Democratic RepublicLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacaoMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesia (Federated States of)Moldova (Republic of)MonacoMongoliaMontenegroMontserratMoroccoMozambiqueMyanmarNamibiaNauruNepalNetherlandsNew CaledoniaNew ZealandNicaraguaNigerNigeriaNiueNorfolk IslandNorth Macedonia (Republic of)Northern Mariana IslandsNorwayOmanPakistanPalauPalestine (State of)PanamaPapua New GuineaParaguayPeruPhilippinesPitcairnPolandPortugalPuerto RicoQatarRomaniaRussian FederationRwandaRéunionSaint BarthélemySaint Helena, Ascension and Tristan da CunhaSaint Kitts and NevisSaint LuciaSaint Martin (French part)Saint Pierre and MiquelonSaint Vincent and the GrenadinesSamoaSan MarinoSao Tome and PrincipeSaudi ArabiaSenegalSerbiaSeychellesSierra LeoneSingaporeSint Maarten (Dutch part)SlovakiaSloveniaSolomon IslandsSomaliaSouth AfricaSouth Georgia and the South Sandwich IslandsSouth SudanSpainSri LankaSudanSurinameSvalbard and Jan MayenSwedenSwitzerlandSyrian Arab RepublicTaiwan, Republic of ChinaTajikistanTanzania (United Republic of)ThailandTimor-LesteTogoTokelauTongaTrinidad and TobagoTunisiaTurkmenistanTurks and Caicos IslandsTuvaluTürkiyeUgandaUkraineUnited Arab EmiratesUnited Kingdom of Great Britain and Northern IrelandUnited States Minor Outlying IslandsUruguayUzbekistanVanuatuVatican City StateVenezuela (Bolivarian Republic of)VietnamVirgin Islands (British)Virgin Islands (U.S.)Wallis and FutunaWestern SaharaYemenZambiaZimbabweÅland Islands

First Id Name

Opt In *

• I agree to register as an SAPinsider member and receive other communications from SAPinsider or our Partners.
  
  By enrolling in the SAPinsider Membership community you receive access to member only content that is provided courtesy of SAPinsider and our Partners. You will only be asked to enroll once but can change your profile at any time by going to your profile and clicking to edit your profile. If you would prefer to review content provided by SAPinsider and SAPinsider Partners and not be contacted by those Partners please do not check the box submitting your willingness to be contacted.
  
  You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.
  
  By clicking submit, you consent to allow SAPinsider to store and process the personal information submitted above to provide you the content requested.

Submit

Active exploitation of a critical zero-day vulnerability (CVE-2025-31324) in the SAP Visual Composer component allows unauthenticated attackers to gain full control over SAP systems, prompting SAP to release an emergency patch and urging customers to either apply it or disable access to the vulnerable component.

Membership Required

You must be a member to access this content.

View Membership Levels

Explore related questions

Ask SAPi

what is this?

Already a member? Log in here

• 
  • SAP CyberSecurity

  Addressing Cybersecurity by Utilizing a Reactive Approach to SAP Landscapes

  Reading time: 2 mins

• 
  • SAP CyberSecurity

  Cloud Security Trends for SAP Customers Hosted by Suse

  January 12, 2023

• 
  • SAP CyberSecurity
  • Premium

  Necessity is The Mother of Invention: Securing Rapid Cloud Transformation Through Shared Fate

• 
  • SAP CyberSecurity

  SAPinsider Buyers Guide Webinar: Cybersecurity

  Reading time: 1 mins