Rimini Street Makes Security Mitigations Publicly Available For Critical SAP NetWeaver Zero-Day Exploit

Gabe Dimeglio
CISO, SVP & GM Rimini Protect™ and Rimini Watch™
2 min read

On Thursday of last week, Rimini Protect™ security services identified that a critical vulnerability in SAP NetWeaver was being actively exploited by threat actors. The exploit lets attackers compromise systems without any authentication and then move laterally to carry out other malicious activities, such as data exfiltration and ransomware attacks. The CVSS score for this vulnerability is the highest possible, rated at 10 out of 10,[1] and exploitation has been extensive.

Due to the seriousness of this vulnerability and its wide-ranging impact on SAP users, we are publicly sharing a summarized version of our Zero-Day Report, which is normally restricted to our clients. This report includes general mitigation options and guidance to help identify and address this threat. We are making this zero-day report available with no subscription required, no requirement to be a Rimini Street client, and no hidden conditions. Please feel free to download our report now.

For Rimini Protect™ Application Risk Mitigation (ARM) subscribers, no action is required from you to protect against the exploitation of this vulnerability. For all Rimini ONE™ clients (those receiving both L4 software support and managed services from Rimini Street), corrective changes have been proactively applied to your environment, so no action is required from you either.

Overview of activity:

  • April 24, 2025: Rimini Protect™ security services found that an Unrestricted File Upload vulnerability in SAP NetWeaver was being actively exploited in the wild.
  • April 24, 2025: NIST National Vulnerability Database published CVE-2025-31324 describing this vulnerability.[2]
  • April 25, 2025: The Rimini Protect team notified our clients of the discovered vulnerability and mitigation options.
  • April 29, 2025: US government agency CISA (Cybersecurity and Infrastructure Security Agency) added this vulnerability to the Known Exploited Vulnerabilities (KEV) list,[3] publicly indicating active exploitation in the wild.

Rimini Protect clients were provided mitigation options four days before the CISA notification was sent to the public.

How it’s impacting SAP customers:

  • The authorization mechanism of the Metadata Uploader in SAP NetWeaver Visual Composer fails to properly validate that users have the appropriate permissions before allowing file uploads.
  • Unauthenticated attackers can upload executable files into public folders and compromise the system. From there, the attackers can move laterally within the target’s environment and deploy further attacks, including ransomware.
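As an added illustration (not part of Rimini Street's report or this post), the following Python check flags the two behaviors described above in web-server access logs: an upload accepted by the Metadata Uploader with no authenticated user, and an executable file subsequently being served from a public folder. The uploader endpoint path, the public-folder prefix and the sample log lines are assumptions constructed for the example, not values taken from the post.

```python
import re
from dataclasses import dataclass

# Assumed values (not given in the post): the Visual Composer Metadata Uploader
# endpoint and a web-served folder prefix where uploaded files would land.
UPLOADER_PATH = "/developmentserver/metadatauploader"
PUBLIC_FOLDERS = ("/irj/",)
EXEC_EXTENSIONS = (".jsp", ".jspx", ".class", ".jar")

# Common-log-format fields we need: client, authenticated user, method, path, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

@dataclass
class Finding:
    client: str
    reason: str
    path: str

def analyze_access_log(lines):
    """Return findings for unauthenticated uploads and executables served from public folders."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a log line we understand; skip rather than guess
        user, method, status = m["user"], m["method"], m["status"]
        path = m["path"].split("?")[0]
        # 1) A 2xx answer to a POST on the uploader with no authenticated user ("-"):
        #    exactly the missing permission check the post describes.
        if method == "POST" and path.lower().startswith(UPLOADER_PATH) \
                and user == "-" and status.startswith("2"):
            findings.append(Finding(m["client"], "unauthenticated upload accepted", path))
        # 2) An executable file type requested from a public folder: a dropped
        #    file is being invoked, which is the follow-on activity to watch for.
        if path.startswith(PUBLIC_FOLDERS) and path.lower().endswith(EXEC_EXTENSIONS):
            findings.append(Finding(m["client"], "executable served from public folder", path))
    return findings

# Constructed sample log lines (RFC 5737 test addresses); the last two show normal
# authenticated use, which must not be flagged.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Apr/2025:10:01:02 +0000] "POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL HTTP/1.1" 200 512',
    '203.0.113.5 - - [24/Apr/2025:10:01:09 +0000] "GET /irj/helper.jsp HTTP/1.1" 200 88',
    '198.51.100.7 - jdoe [24/Apr/2025:10:05:00 +0000] "GET /irj/portal HTTP/1.1" 200 4096',
    '198.51.100.7 - jdoe [24/Apr/2025:10:06:00 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for f in analyze_access_log(SAMPLE_LOG):
        print(f"{f.client}: {f.reason} ({f.path})")
```

Running it on the constructed sample reports only the two lines from 203.0.113.5; feed it real access logs for the period of concern to triage quickly.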

Download the Rimini Protect™ Zero Day Report to share with your IT and Security team and take action now.

For more information on Rimini Street’s proactive, fast, and cost-effective security solutions tailored specifically for enterprise software environments, click here now.

Content contributed by Kevin Eyre, Sr. Director Product Marketing, Rimini Street

[1] CVE.org: CVE-2025-31324

[2] NIST National Vulnerability Database: CVE-2025-31324 Detail

[3] CISA: CISA Adds One Known Exploited Vulnerability to Catalog


Gabe Dimeglio is a 20-year veteran of information technology and security for private and public sector organizations. He is a results-driven leader, specializing in security services and solutions for mission critical, complex enterprise platforms. His expertise includes strategic consulting services, risk analyses/risk mitigation, and compliance.

Mr. Dimeglio serves as Vice President & Executive Advisor, Security, Office of the CTO at Rimini Street. He is responsible for oversight of the GSS organization that provides tailored consulting and advisory security services to prospects and clients, in collaboration with Rimini Street sales, client engagement, and retention functions.
