Security experts have identified a serious security vulnerability in SAP NetWeaver that allows unauthorized access to company systems. The vulnerability became known in April 2025 and specifically affects the Visual Composer component of SAP Java systems.
By exploiting this vulnerability, attackers can upload files without authorization, plant JSP webshells and execute arbitrary code. What is particularly alarming is that these attacks require no authentication and can bypass the conventional security mechanisms of ERP systems.
This vulnerability was first discovered by ReliaQuest and subsequently confirmed by the SAP Threat Intelligence System from Onapsis. According to Onapsis Research Labs, potentially thousands of SAP applications are at risk.
Immediate measures required
SAP reacted immediately and published an emergency patch on April 24. Companies using SAP NetWeaver should install this patch immediately. The situation is particularly critical for internet-facing SAP systems hosted in the cloud. Here, experts advise assuming that a security breach has already occurred and initiating appropriate emergency measures.
Affected customers should apply SAP Security Note 3594142 or check Note 3596125 for possible solutions. A prompt response is crucial, as the vulnerability can lead to a complete compromise of the systems if successfully exploited.
Major impact on corporate security
This vulnerability is one of a series of critical vulnerabilities in enterprise software that have been discovered in recent years. SAP users need to be particularly careful, as the affected systems often manage business-critical data and processes.
In addition to applying the patch, security experts also recommend a thorough check of the systems for possible signs of compromise and the implementation of additional security measures to protect the SAP landscape.
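One way to carry out the compromise check recommended above, as an added example that is not part of this article and is not SAP, Onapsis or ReliaQuest tooling: a Python hunt over the Java web root for recently written .jsp files that carry typical webshell markers. The scan root is a placeholder (the article names no path), the marker patterns are generic JSP webshell heuristics, and the sample directory tree is constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# Typical JSP webshells pair OS command execution with a request parameter; a file is flagged only when both groups match.
EXEC_MARKERS = (re.compile(r"Runtime\.getRuntime\(\)\.exec"), re.compile(r"ProcessBuilder"))
INPUT_MARKER = re.compile(r"request\.getParameter")

def hunt_jsp_webshells(root, modified_since=None):
    """Walk `root` (placeholder for the Java web root, not an SAP-documented path);
    return sorted (relpath, sha256) of .jsp files matching both marker groups. `modified_since`
    (aware datetime) skips older files; None scans everything, since intruders can reset timestamps."""
    cutoff = modified_since.timestamp() if modified_since else None
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            if not name.lower().endswith(".jsp") or st.st_size > 2_000_000:  # webshells are small
                continue
            if cutoff is not None and st.st_mtime < cutoff:
                continue
            with open(full, "rb") as fh:
                data = fh.read()
            text = data.decode("utf-8", errors="replace")
            if INPUT_MARKER.search(text) and any(m.search(text) for m in EXEC_MARKERS):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits.append((rel, hashlib.sha256(data).hexdigest()))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample web root: a benign page, a stale marker file older than the cutoff, and a recent inert marker file."""
    root = tempfile.mkdtemp(prefix="vc_hunt_")
    os.makedirs(os.path.join(root, "irj"))
    samples = {
        "irj/index.jsp": '<%@ page contentType="text/html" %>\n<html>Portal home</html>\n',
        "irj/legacy.jsp": "<%-- request.getParameter ProcessBuilder (old, reviewed) --%>\n",
        "irj/helper.jsp": "<%-- constructed: request.getParameter Runtime.getRuntime().exec --%>\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    old = datetime(2019, 1, 1, tzinfo=timezone.utc).timestamp()
    os.utime(os.path.join(root, "irj/legacy.jsp"), (old, old))  # predates the hunt window
    return root

def run_hunt_demo():
    """Hunt the constructed tree for .jsp files changed since the vulnerability became known (April 2025)."""
    return hunt_jsp_webshells(build_sample_tree(), datetime(2025, 4, 1, tzinfo=timezone.utc))
```

Flagged files are triage candidates for the incident response team, not proof of compromise; compare their hashes against a known-good deployment before deciding.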