SAP Stock Surges to 5.71 Billion Trading Volume Amid Critical Vulnerability Disclosure

On April 29, 2025, SAP's trading volume reached 5.71 billion, marking a 35.95% increase from the previous day. The company's stock price rose by 2.52%, extending its winning streak to six consecutive days, with a total gain of 16.77% over the past six days.

SAP recently disclosed a critical vulnerability in its NetWeaver Visual Composer, identified as CVE-2025-31324. This flaw, with a maximum CVSSCVS-- score of 10, affects all SAPSAP-- NetWeaver 7.xx versions and allows unauthenticated remote attackers to upload malicious executables, leading to remote code execution. The vulnerability arises from a missing authorization check in the Metadata Uploader component, enabling adversaries to exploit the system without proper validation or restriction on file types.

SAP NetWeaver serves as the technical backbone for various SAP applications, including ERP and CRM solutions. The vulnerability, which affects the /developmentserver/metadatauploader endpoint, allows attackers to craft malicious HTTP POST requests to upload JSP webshells into specific server paths. These webshells act as backdoors, enabling remote execution of arbitrary operating system commands. Organizations are advised to apply the emergency security update released by SAP to mitigate this risk and conduct proactive threat hunting to identify any post-exploitation activities.

The severity of the vulnerability has prompted widespread concern, with over 400 SAP NetWeaver servers reported to be impacted. Security professionals have emphasized the urgency of patching the critical zero-day bug to prevent further exploitation. The vulnerability's impact on large corporations and government agencies underscores the need for immediate action to safeguard sensitive data and maintain operational integrity.