Threat Actors Hacking SAP Critical Flaw - GovInfoSecurity

Threat actors are exploiting a zero-day flaw in SAP Visual Composer, a web-based software development tool. The vulnerability, CVE-2025-31324, allows unauthenticated attackers to upload webshells and gain control of targeted systems. SAP recommends disabling Visual Composer or restricting access to the development server.