Share
## https://sploitus.com/exploit?id=20A935A4-4DAE-5FC9-BCEF-DE00FD53C6F2
# CVE-2025-31324
Proof-of-Concept 0day for SAP NetWeaver created by ShinyHunters

CVE-2025-31324 is a critical "Unrestricted File Upload" vulnerability affecting the SAP NetWeaver Application Server (AS) Java. Specifically, it resides within the Visual Composer component (VCFRAMEWORK).
The flaw allows an unauthenticated, remote attacker to upload arbitrary files (such as web shells) to the server. Successful exploitation results in Remote Code Execution (RCE) with the privileges of the SAP service user (typically sidadm), leading to full system compromise.
- CVSS v3 Score: 10.0 (Critical)
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Affected Component: SAP NetWeaver Visual Composer Metadata Uploader
  
Discovery: Disclosed April 2025; Exploited in the wild as a 0-day since March 2025.

In August 2025, a functional exploit chain (often linking CVE-2025-31324 with CVE-2025-42999) was leaked on Telegram channels and repositories associated with the "ShinyHunters" and "Scattered Spider" collectives.