Rimini Street
SAP NetWeaver Visual Composer Unrestricted File Upload Vulnerability Analysis Report
Pages
7
Time to read
7 mins
Publication
Language
English
This document is a Security Vulnerability Analysis Report detailing the Unrestricted File Upload vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer. It outlines the critical nature of the vulnerability, which allows unauthenticated attackers to upload executable files, potentially leading to full system compromise. The report provides information on the affected product, including the CVSS score of 10.0, indicating maximum risk. It describes the vulnerability's specifics, prerequisites for exploitation, and diagnostic steps to determine if a system is vulnerable. The impact section discusses the risks to organizations relying on SAP solutions, including potential unauthorized access and deployment of malicious webshells. Mitigation strategies are provided, including restricting access to the vulnerable URL and disabling the application if not needed. Additional recommendations for monitoring and securing SAP systems are also included, along with references for further information on the vulnerability.