IT SPARC Cast

SAP NetWeaver RCE Flaw (CVE-2025-31324): Patch It or Get Owned



In this episode of IT SPARC Cast - CVE of The Week, John and Lou break down CVE-2025-31324, a critical remote code execution vulnerability in SAP NetWeaver’s Visual Composer. With a CVSS score of 9.8, this vulnerability is not just theory: it’s actively being weaponized by ransomware gangs, Chinese APTs, and groups like BianLian and RansomEXX. Despite SAP issuing emergency patches in April 2025, organizations continue to get hit, proving that unpatched systems remain a massive security liability.


We’ll explain how Visual Composer’s model-driven development tools became the attack vector, what full RCE means in an enterprise SAP environment, and why skipping patches can do more than just destabilize your system — it can destroy your business continuity. If you’re running SAP NetWeaver, this is your wake-up call to audit, patch, and double-check.


Stay ahead of threats. Patch often. Stay secure.

Subscribe for weekly threat insights from the world of Enterprise IT.



🔗 Social Links

IT SPARC Cast

@ITSPARCCast on X

SPARC Sales on LinkedIn


John Barger

@john_Video on X

John Barger on LinkedIn


Lou Schmidt

@loudoggeek on X

Lou Schmidt on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.


IT SPARC Cast
By John Barger