Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver CVE-2025-31324

Name: Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver CVE-2025-31324
Rating: 5 (132 reviews)

2025-05-10 | CVSS 10.0

## https://sploitus.com/exploit?id=FB3F504C-74B2-5C07-8C54-6AF54C2F9662
# CVE-2025-31324

A proof of concept developed to exploit [CVE-2025-31324](https://nvd.nist.gov/vuln/detail/CVE-2025-31324).

# Usage

```
usage: python CVE-2025-31324.py --help

SAP NetWeaver Visual Composer Metadata Uploader <= 7.50 CVE-2025-31324 PoC

positional arguments:
  FILE           local file to upload

optional arguments:
  -h, --help     show this help message and exit
  --https        use HTTPS?
  --RHOST RHOST  remote host
  --RPORT RPORT  remote port
  -v, --version  show program's version number and exit
```

Use the following Google dork `inurl:/developmentserver/metadatauploader` to find vulnerable istances.

# Affected Versions

All versions of SAP NetWeaver Visual Composer Metadata Uploader <= 7.50

# Patch Guidance

Please, refer to the [official documentation](https://me.sap.com/notes/3594142).

# Authors

Made by [@sug4r-wr41th](https://github.com/sug4r-wr41th)

# Disclaimer

Fair Use disclaimer: for educational purposes only.