Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver CVE-2025-31324

Name: Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver CVE-2025-31324
Rating: 5 (121 reviews)

2025-04-28 | CVSS 10.0

## https://sploitus.com/exploit?id=1293E6F2-4F3C-5D04-A2D2-301417301D2E
# SAP-CVE-2025-31324 POC

A tool to detect and exploit a critical unauthenticated file‐upload vulnerability in SAP NetWeaver Visual Composer.

# Description

SAP NetWeaver Visual Composer includes a component called Metadata Uploader which lacks proper authorization checks, allowing unauthenticated attackers to upload arbitrary executable files (e.g., JSP, WAR) to the application server and achieve remote code execution.

Affected Products

Product: SAP NetWeaver Visual Composer (VCFRAMEWORK 7.50)

Component: /developmentserver/metadatauploader

SAP Security Note: 3594142

1- Clone repository:

```git clone https://github.com/your-org/sap-cve-2025-31324-scanner.git```

```cd sap-cve-2025-31324-scanner```

2- Install dependencies 

```pip install requests urllib3```

```chmod +x scanner.py```

3- Single target scan

```./scanner.py -s sap.example.com:50000 -v```

4- Batch scan

```./scanner.py -l targets.txt -o report.txt```


# References

National Vulnerability Database: CVE‑2025‑31324 details (nvd.nist.gov)

SAP Support: Security Note 3594142 Patch Details