CVE-2025-31324: Critical SAP Vulnerability & How to Protect Your Enterprise

Released on 2025-09-10 @ 07:32:38 PM

A critical remote code execution vulnerability (CVE-2025-31324) affects SAP NetWeaver Development Server, allowing attackers to upload malicious files through the metadatauploader endpoint. This vulnerability enables unauthenticated remote code execution, potentially leading to enterprise network compromise, data theft, and disruption of critical SAP processes. Active exploitation began in March 2025, with widespread attacks following the public release of an exploit script in August 2025. The vulnerability stems from improper validation of uploaded model files, allowing attackers to execute arbitrary code within the SAP NetWeaver server context. Protective measures include immediate patching, network monitoring, and restricting development server exposure to trusted networks.