Aktuelles, Branche, Produkte - geschrieben von cp am Freitag, Mai 2, 2025 18:52 - noch keine Kommentare
IoC Scanner for SAP Zero-Day (CVE-2025-31324) available
Onapsis provides an open source tool in collaboration with Mandiant
[datensicherheit.de, 05/02/2025] Onapsis is providing an open source tool in collaboration with Mandiant. It is designed to help companies strengthen SAP security by identifying Indicators of Compromise (IoCs) associated with the active exploitation of a recently patched vulnerability in SAP NetWeaver Application Server Java (CVE-2025-31324).
Highest Criticality Vulnerability
CVE-2025-31324 is a critical, unauthenticated remote code execution vulnerability in the Visual Composer component of SAP NetWeaver that allows threat actors to take full control of compromised SAP servers.
Overview of CVE-2025-31324
The vulnerability affects SAP NetWeaver Java systems where the Visual Composer development environment is enabled and unpatched. If successfully exploited, attackers have full control over the system, including unrestricted access to sensitive SAP business data and processes, ransomware implementation and lateral movement. The first exploitation observed by Onapsis was on March 14, 2025. Threat activity has increased significantly, even though SAP deployed an emergency patch on April 24.
Patche install and environment check for threats recommended
Due to their criticality and widespread use, customers with vulnerable internet-based SAP applications are strongly advised not only to install patches, but also to check their environments for vulnerabilities.
Open source scanner for SAP Zero-Day
The open source scanner, which was developed by Onapsis in collaboration with Mandiant, is designed to support SAP customers in various aspects:
- Determine the vulnerability of the system to CVE-2025-31324
- Identify known Indicators of Compromise (IOCs) against available campaign information
- Scan for unknown web executables in known exploit paths
- Collect suspicious files in a structured ZIP archive with directory for later analysis
- Scan the SAP HTTP access log (if available) for entries related to the exploitation of CVE-2025-31324
- Extract and store copies of identified log entries in a CSV file for further analysis
This is an active campaign. The tool will be further updated as soon as more IoCs and information are available. A regular check for updates is recommended by the manufacturer.
The scanner is available for free download here on the Onapis blog.
Recommended actions for companies
- Immediately use SAP Note 3594142
- Start IoC scanner to detect signs of compromise
- Trigger the SAP-specific Incident Response Playbooks
According to SAP, the release of this tool is part of its efforts to support defenders against critical threats.
Further information on this topic:
Onapsis
SAP NetWeaver Flaw Lets Hackers Take Full Control: CVE-2025-31324 Explained
datensicherheit.de, 08.04.2021
Kritische SAP-Anwendungen im Fokus Cyber-Krimineller
Aktuelles, Experten, Veranstaltungen - Mai 2, 2025 0:34 - noch keine Kommentare
Workshop der TH Wildau zur Umsetzung des EU AI Acts in KMU
weitere Beiträge in Experten
- Chip-Industrie: Silicon Saxony positioniert sich zum Sonderbericht des Europäischen Rechnungshofes
- DENIC-Generalversammlung 2025: Aufsichtsratsvorsitzender und neues Gesicht ins Gremium gewählt
- eco-Gratulation an Digitalminister – und „Top Five Agenda“ zur Wegleitung
- Bitkom-Glückwünsche an neuen Digitalminister
- E-Rechnungspflicht als Herausforderung: Digitalisierung von Geschäftsprozessen eröffnet neue Angriffsflächen
Aktuelles, Branche, Produkte - Mai 2, 2025 18:52 - noch keine Kommentare
IoC Scanner for SAP Zero-Day (CVE-2025-31324) available
weitere Beiträge in Branche
- Indicators of Compromise Scanner für SAP Zero-Day (CVE-2025-31324)
- Erkenntnisse aus dem Verizon Data Breach Investigation Report (DBIR) 2025
- World Password Day sollte überflüssig werden – in einer von Passwörtern befreiten Zukunft
- DENIC-Generalversammlung 2025: Aufsichtsratsvorsitzender und neues Gesicht ins Gremium gewählt
- Cyberrisiken im Wassersektor: Modernisierung und Segmentierung bieten Schutz
Branche, Umfragen - Dez. 21, 2020 21:46 - noch keine Kommentare
Threat Hunting: Bedeutung und Wertschätzung steigt
weitere Beiträge in Service
- Umfrage: 71 Prozent der IT-Entscheidungsträger besorgt über Mehrfachnutzung von Passwörtern
- Fast die Hälfte der Unternehmen ohne geeignete Sicherheitsrichtlinien für Remote-Arbeit
- Umfrage: Bedeutung der Konsolidierung von IT-Sicherheitslösungen
- TeleTrusT-Umfrage: „IT-Sicherheit im Home Office“
- Cybersicherheit: SANS-Studie zu Frauen in Führungspositionen
Kommentieren