Monday , April 28 2025
SAP NetWeaver

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

infosecbulletin 4 hours ago Alert, Vulnerabilities

Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks.

CVE-2025-31324 is a vulnerability that lets unauthenticated attackers upload malicious files to affected systems, risking full system compromise.

India Launches First Quantum Computing Village in Amaravati

By infosecbulletin / Monday , April 28 2025
India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing Village, a state-of-the-art project in...
Read More
India Launches First Quantum Computing Village in Amaravati

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

By infosecbulletin / Monday , April 28 2025
Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks....
Read More
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

Blind_Virus, DU_Featherless_Bipeds and Hidden investigations top qualifier for UAP CTF

By infosecbulletin / Monday , April 28 2025
Blind_Virus, DU_Featherless_Bipeds and Hidden investigations team secure the 1st , 2nd and 3rd positions accordingly for online preliminary round at...
Read More
Blind_Virus, DU_Featherless_Bipeds and Hidden investigations top qualifier for UAP CTF

CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library

By infosecbulletin / Sunday , April 27 2025
A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python....
Read More
CVE-2025-43859 Request Smuggling Vulnerability in Python’s h11 HTTP Library

NVIDIA Releases Security Update For GPU Driver Vulnerabilities

By infosecbulletin / Saturday , April 26 2025
NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver...
Read More
NVIDIA Releases Security Update For GPU Driver Vulnerabilities

‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

By infosecbulletin / Saturday , April 26 2025
The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about real-time attacks using fake login...
Read More
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

By infosecbulletin / Friday , April 25 2025
In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild....
Read More
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

NVIDIA NeMo Framework Vuln Allow Attackers RCE

By infosecbulletin / Friday , April 25 2025
The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, risking AI system compromise and...
Read More
NVIDIA NeMo Framework Vuln Allow Attackers RCE

Cisco Issued Urgent Security Advisories For Multiple Products

By infosecbulletin / Thursday , April 24 2025
Cisco issued a security advisory about a remote code execution (RCE) vulnerability (CVE-2025-32433) affecting multiple products in its portfolio due...
Read More
Cisco Issued Urgent Security Advisories For Multiple Products

SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

By infosecbulletin / Thursday , April 24 2025
SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

A severe flaw with a CVSS score of 10.0 affects the Metadata Uploader component of SAP NetWeaver Visual Composer. Discovered in April 2025 by ReliaQuest security researchers, this vulnerability has been exploited in attacks on organizations, including those with fully-patched SAP systems.

Security researchers have found that some attackers used advanced post-exploitation tools like the Brute Ratel C4 framework and evasion techniques like Heaven’s Gate to avoid endpoint protection.

“The vulnerability is particularly dangerous because it requires no authentication, is relatively straightforward to execute, requires no user interaction, and potentially gives attackers full control over the affected system,” Vahagn Vardanian of RedRays explained.

On April 24, 2025, SAP issued an emergency patch via Security Note 3594142, outside its usual schedule. Organizations should apply this patch immediately or use the temporary workaround in SAP Note 3593336 if they cannot patch right away.

Organizations using SAP systems should implement effective security monitoring and maintain regular patching schedules to reduce future threats.

Request Smuggling Vulnerability in Python’s h11 HTTP Library

Check Also

159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin