A working exploit for two critical SAP Netweaver vulnerabilities, CVE-2025-31324 and CVE-2025-42999, has been released. The exploit, which chains the two vulnerabilities together, allows attackers to execute code on vulnerable SAP systems with administrator privileges. Organizations are advised to apply the latest security patches from SAP and monitor their systems for suspicious behavior.