Threat Brief: CVE-2025-31324
May 12, 2025, 7:17 a.m.
Description
CVE-2025-31324 is a critical vulnerability residing in the SAP NetWeaver Application Server Java's Visual Composer component (VCFRAMEWORK). While not installed by default, business analysts commonly use this component to create applications without coding, making it widely present in SAP deployments. following the public disclosure of this vulnerability, PaloAlto saw a variety of attacks exploiting this vulnerability and attempting to send different payloads to the server.
Tags
Date
- Created: May 12, 2025, 7:05 a.m.
- Published: May 12, 2025, 7:05 a.m.
- Modified: May 12, 2025, 7:17 a.m.
Indicators
- df492597eb412c94155a7f437f593aed89cfec2f1f149eb65174c6201be69049
- c7b9ae61046eed01651a72afe7a31de088056f1c1430b368b1acda0b58299e28
- b9ef95ca541d3e05a6285411005f5fee15495251041f78e715234b09d019b92c
- b3e4c4018f2d18ec93a62f59b5f7341321aff70d08812a4839b762ad3ade74ee
- 9fb57a4c6576a98003de6bf441e4306f72c83f783630286758f5b468abaa105d
- 888e953538ff668104f838120bc4d801c41adb07027db16281402a62f6ec29ef
- 7aab6ec707988ff3eec37f670b6bb0e0ddd02cc0093ead78eb714abded4d4a79
- 6c6c984727dc53af110ed08ec8b15092facb924c8ad62e86ec76b52a00a41a40
- 5a8ddc779dcf124fe5692d15be44346fb6d742322acb0eb3c6b4e90f581c5f9e
- 69bb809b3fee09ed3ec9138f7566cc867bd6f1e8949b5e3daff21d451c533d75
- 598b38f44564565e0e76aa604f915ad88a20a8d5b5827151e681c8866b7ea8b0
- 5919f2eab8a826d7ba84e6c413626f5d11ed412d7df0d3ab864f31d3a8db3763
- 4b17beee8c2d94cf8e40efc100651d70d046f5c14a027cf97d845dc839e423f9
- 427877aadd89f427e1815007998d9bb88309c548951a92a6e4064df001e327c2
- 3f5fd4b23126cb21d1007b479954af619a16b0963a51f45cc32a8611e8e845b5
- 2e6f348f8296f4e062c397d2f3708ca6fdeab2c71edfd130b2ca4c935e53c0d3
- 1abf922a8228fd439a72cfddf1ed08ea09b59eaa4ae5eeba1d322d5f3e3c97e8
- 85.106.113.168
- 65.49.235.210
- 47.97.42.177
- 45.76.93.60
- 31.192.107.157
- 192.3.153.18
- 158.247.224.100
- 138.68.61.82
- 108.171.195.163
- 107.173.135.116
- 103.207.14.195
- 101.99.91.107
- 101.32.26.154
- 223.184.254.150
- 206.188.197.52
- 101.32.26.15
- 51.79.66.183
- 205.169.39.55
- https://overseas-recognized-athens-oakland.trycloudflare.com/v2.js
- http://65.49.235.210/download/2.jpg
- http://47.97.42.177:3232
- http://31.192.107.157:38205/ReportQueue.exe
- http://138.68.61.82/4544
- http://108.171.195.163:8000/$FILE_NAME$.txt
- http://158.247.224.100:38205/EACA38DB.tmp
- http://101.32.26.154/rymhNszS/ansgdhs.bat
- overseas-recognized-athens-oakland.trycloudflare.com