Welcome to our Onapsis Podcast, a podcast brought to you by Onapsis, the global leader in SAP cybersecurity.
Join us as we delve into the fascinating world of safeguarding SAP systems from cyber threats and uncover the secrets to protecting your organization's most critical assets.
In each episode, our expert hosts and special guests will explore a variety of captivating topics surrounding SAP cybersecurity, shedding light on the challenges, best practices, and cutting-edge solutions that help businesses maintain the integrity and resilience of their SAP landscapes.
From the latest emerging threats to innovative techniques for vulnerability management and threat detection, our podcast provides invaluable insights for professionals working with SAP systems or those interested in learning more about the importance of securing the digital core.
All content for Onapsis Podcast is the property of Onapsis and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)
Onapsis Podcast
43 minutes
6 months ago
Evidence of active attacks against this vulnerability has been observed by ReliaQuest, Onapsis Threat Intelligence, and confirmed by multiple IR firms in recent active investigations.
SAP published an emergency security patch on April 24, 2025, to address this issue. The vulnerability is of critical severity (CVSS 10) and affects the SAP Visual Composer component of SAP Java systems, which is not enabled by default.
Critical Exploit Details:
Unauthenticated threat actors can exploit CVE-2025-31324.
Attackers can gain full control of vulnerable SAP systems.
Risks include unrestricted access to SAP business data and processes, ransomware deployment, and lateral movement.
Continued exploitation is expected against vulnerable internet-facing SAP Java systems.