Hacker Groups Publish Exploits for SAP Vulnerabilities
On August 15, 2025, cybersecurity threats escalated as the hacker group 'Scattered LAPSUS$ Hunters – ShinyHunters' and VX Underground published fully functional exploit scripts targeting SAP vulnerabilities. These exploits, targeting CVE-2025-31324 and CVE-2025-42999, can lead to remote code execution and full system compromise.
The exploit scripts, published in Telegram groups, combine CVE-2025-31324 with a deserialization vulnerability (CVE-2025-42999) to execute malicious code with SAP system permissions. This allows an unauthenticated attacker to run arbitrary commands on the target SAP system.
SAP patched these vulnerabilities in April and May, but companies must ensure their systems are up-to-date to prevent future exploit attempts. Onapsis customers have comprehensive internal coverage for these vulnerabilities, and open-source scanners are available for analysis.
The publication of the deserialization gadget is particularly concerning as it can be reused in other contexts to exploit deserialization vulnerabilities in SAP components. Companies should prioritize patching these vulnerabilities and maintaining up-to-date SAP systems to mitigate potential cyber threats.
Read also:
- InformationWarfare in the Modern Era: Enhancing an Information Strategy for today's Battlefield and Botnet Threats
- Ukraine's Drone Revolution: Rapid Evolution and Countermeasures
- EU's Energy Infrastructure Under Siege: Cyber Attacks Surge 67% in 2025
- Vito Schnabel's Art & Real Estate Fortune Tops €10.4M
