Saturday , May 24 2025
SAP NetWeaver

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

infosecbulletin 4 weeks ago Alert, Vulnerabilities

Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks.

CVE-2025-31324 is a vulnerability that lets unauthenticated attackers upload malicious files to affected systems, risking full system compromise.

Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges

By infosecbulletin / Friday , May 23 2025
A passback vulnerability has been found in some Canon printers, including production and multifunction models. If an attacker gains administrative...
Read More
Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges

184 Million Leaked Credentials Discovered in Open Database

By infosecbulletin / Friday , May 23 2025
Security researchers have discovered a database with 184 million account credentials, highlighting the need to update compromised passwords, strengthen weak...
Read More
184 Million Leaked Credentials Discovered in Open Database

Palo Alto Networks Warns of XSS Flaw: PoC Released

By infosecbulletin / Wednesday , May 21 2025
Palo Alto Networks warns a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its...
Read More
Palo Alto Networks Warns of XSS Flaw: PoC Released

Pwn2Own Berlin reveals 29 critical vulns in major tech firms

By infosecbulletin / Wednesday , May 21 2025
Pwn2Own Berlin 2025, a top cybersecurity contest, awarded $1,078,750 to researchers who discovered 29 zero-day vulnerabilities in various enterprise technologies....
Read More
Pwn2Own Berlin reveals 29 critical vulns in major tech firms

High-Severity Flaw Hits Atlassian Jira Data Center

By infosecbulletin / Wednesday , May 21 2025
A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by...
Read More
High-Severity Flaw Hits Atlassian Jira Data Center

All major mobile networks go down across Spain

By infosecbulletin / Tuesday , May 20 2025
A nationwide phone network has gone down in Spain, shortly after blackouts caused chaos and significant financial losses. Emergency services...
Read More
All major mobile networks go down across Spain

Researchers found 200 billion files exposed in cloud buckets

By infosecbulletin / Monday , May 19 2025
Billions of files, including documents, source code, and backups, are leaking because of misconfigured cloud storage. Cyble, a cybersecurity company...
Read More
Researchers found 200 billion files exposed in cloud buckets

Bank server compromised using customer’s mobile, steal ₹11 crore

By infosecbulletin / Sunday , May 18 2025
Cyber fraudsters hacked the Himachal Pradesh State Cooperative Bank's server using a customer's mobile phone. According to reports, the fraudsters...
Read More
Bank server compromised using customer’s mobile, steal ₹11 crore

“InfoSecCon-2025″ held successfully promising cyber resilience

By infosecbulletin / Sunday , May 18 2025
"InfoSecCon-2025" was successfully held with tremendous audiences with various time demanding topics and keynotes at Dhaka on 16 May- 2025....
Read More
“InfoSecCon-2025″ held successfully promising cyber resilience

Intel PC, laptop and server processors affected for 6 years: Report

By infosecbulletin / Saturday , May 17 2025
A new class of vulnerabilities in Intel processors, called Branch Predictor Race Conditions (BPRC), enables attackers to extract sensitive data...
Read More
Intel PC, laptop and server processors affected for 6 years: Report

A severe flaw with a CVSS score of 10.0 affects the Metadata Uploader component of SAP NetWeaver Visual Composer. Discovered in April 2025 by ReliaQuest security researchers, this vulnerability has been exploited in attacks on organizations, including those with fully-patched SAP systems.

Security researchers have found that some attackers used advanced post-exploitation tools like the Brute Ratel C4 framework and evasion techniques like Heaven’s Gate to avoid endpoint protection.

“The vulnerability is particularly dangerous because it requires no authentication, is relatively straightforward to execute, requires no user interaction, and potentially gives attackers full control over the affected system,” Vahagn Vardanian of RedRays explained.

On April 24, 2025, SAP issued an emergency patch via Security Note 3594142, outside its usual schedule. Organizations should apply this patch immediately or use the temporary workaround in SAP Note 3593336 if they cannot patch right away.

Organizations using SAP systems should implement effective security monitoring and maintain regular patching schedules to reduce future threats.

Request Smuggling Vulnerability in Python’s h11 HTTP Library

Check Also

Pwn2Own Berlin

Pwn2Own Berlin reveals 29 critical vulns in major tech firms

Pwn2Own Berlin 2025, a top cybersecurity contest, awarded $1,078,750 to researchers who discovered 29 zero-day …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin