Critical SAP fix for CVE-2025-31324 vulnerability | All for One Poland

Critical SAP Patch for Vulnerability CVE-2025-31324
10/10 (critical severity)

All companies using systems based on SAP NetWeaver Application Server for Java should immediately apply SAP Security Note #3594142. SAP published it in response to the discovered CVE-2025-31324 vulnerability, which allows cybercriminals to remotely take control of the SAP system.

What happened?

The vulnerability marked as CVE-2025-31324 allows unauthorized access to SAP instances, remote code execution on the server, and full system takeover by an attacker. What makes this vulnerability exceptional is that it has received the highest possible CVSS severity score: 10/10 (critical severity).

SAP SE has released an emergency patch in SAP Security Note #3594142, which is strongly recommended for immediate implementation.

It is not sufficient to install the update.

It is absolutely necessary to implement the patch; however, this does not guarantee security if an attack has already taken place. Infected systems may remain at risk even after the update has been applied, as malicious software may continue to operate in the background, undetected by standard security mechanisms.

What should be done?

We recommend that immediate action be taken by IT departments, SAP Basis teams, and personnel responsible for system security within the organization.

Should you require assistance in evaluating the impact of this vulnerability on your SAP environment, please do not hesitate to contact us. We will support you throughout this process – from promptly patching the system to performing a full security analysis.



    +48 61 827 70 00

    The office is open
    Monday to Friday
    from 8am to 4pm (CET)

    General contact for the company
    office.pl@all-for-one.com

    Question about products and services
    info.pl@all-for-one.com

    Question about work and internships
    kariera@all-for-one.com
