Is Your SAP System at Risk? Free CVE-2025-31324 Scanner for SAP Vulnerability Detection

Discover if your SAP NetWeaver system is vulnerable to the critical CVE-2025-31324 flaw. Use our free scanner to identify potential risks quickly.

Facing a critical security threat within SAP NetWeaver systems? The CVE-2025-31324 vulnerability, with a maximum severity score, allows unauthorized file uploads, potentially leading to remote code execution. This could completely compromise your system. Onapsis is providing an open-source tool, a CVE-2025-31324 scanner, that enables you to check your SAP environment's vulnerability status quickly.

Why You Need to Scan for CVE-2025-31324 Immediately

The SAP Visual Composer Metadata Uploader vulnerability is actively being exploited. Don't wait. Here's why you should act now:

• Unauthenticated Access: Attackers don't need credentials to exploit this flaw.
• Remote Code Execution: Successful exploitation can lead to complete system takeover.
• Widespread Risk: The Visual Composer component is common in SAP Java NetWeaver deployments.

Introducing the Open-Source CVE-2025-31324 Scanner Tool

Onapsis has released a free, open-source CVE-2025-31324 scanner to help you assess your SAP systems. This tool allows you to:

• Identify Vulnerable Systems: Pinpoint SAP NetWeaver Java systems susceptible to CVE-2025-31324.
• Detect Indicators of Compromise (IoCs): Find specific artifacts suggesting a potential breach.

This tool identifies vulnerable systems and the presence of specific Indicators of Compromise (IOCs)

Example Output:

python3 Onapsis-Scanner-CVE-2025-31324.py sapserver 50000
[CRITICAL] SAP System at http://sapserver:50000/developmentserver/metadatauploader appears to be vulnerable to CVE-2025-31324.
[CRITICAL] Known webshell found at: http://sapserver:50000/irj/helper.jsp

How to Install and Use the CVE-2025-31324 Scanner

It's easy to get started with the SAP vulnerability scanner. Follow these simple steps:

1. Prerequisites: Ensure you have Python 3 installed.
2. Create a Virtual Environment:

   python3 -m venv .venv
   . .venv/bin/activate
   

   Copy
3. Install Dependencies:

   pip install -r requirements.txt
   

   Copy

Running the Scanner

Use the following syntax to scan your SAP systems:

python3 metadata_uploader_scanner.py <hostname> <port> <use_ssl>

• <hostname>: Target SAP NetWeaver system (e.g., example.sap.com)
• <port>: Port number (typically 443 for SSL/TLS connections)
• <use_ssl>: "true" for SSL/TLS, "false" for plain HTTP

Example:

python3 metadata_uploader_scanner.py example.sap.com 443 true

Additional Resources and Support

For more information about the SAP Visual Composer vulnerability and its potential impact, refer to the [SAP Visual Composer Threat Report](link to report would go here). Onapsis is committed to improving this tool based on new threat intelligence.

Need Expert Help?

Contact Onapsis at [email protected] to learn how we can help you identify and address this vulnerability and other SAP security risks in your environment.