Tag Archives: Onapsis

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server

1 Reply

September In the Trend of VM (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server. A traditional monthly roundup – for the first time with NO Microsoft vulnerabilities! 😲🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of eight trending vulnerability IDs in four products:

🔻 Remote Code Execution – WinRAR (CVE-2025-6218, CVE-2025-8088). An exploitable RCE during archive extraction.
🔻 Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999). An exploitable RCE in a component of a popular ERP system.
🔻 Remote Code Execution – 7-Zip (CVE-2025-55188). Mostly a Linux RCE during archive extraction – a public exploit is available.
🔻 Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114). Critical flaws in Russian videoconferencing system.

На русском

About Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability

Leave a reply

About Remote Code Execution - SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability

About Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability. SAP NetWeaver is the core SAP platform for running applications and integrating systems. Vulnerabilities were found in its Visual Composer component – a web tool for business app modeling. A lack of authorization checks (CVE-2025-31324) and insecure deserialization (CVE-2025-42999) allows unauthenticated attackers to perform remote code execution and compromise SAP systems, data, and processes.

🩹 The vulnerabilities were fixed by SAP in April and May 2025.

👾 On May 13, Onapsis researchers reported that CVE-2025-31324 had been exploited since February 10. The CVEs were added to CISA KEV on April 29 and May 15.

🛠 PoCs for CVE-2025-31324 began appearing on GitHub in late April. A public exploit combining CVE-2025-31324 and CVE-2025-42999 was reported by Onapsis on August 15.

📊 According to estimates, SAP products are still used by around 2,000 Russian organizations.

На русском