New SAP NetWeaver Zero-Day RCE Exploit Uses ABAP Backdoors & Dynamic Payloads

Tuesday, 19 August

Tuesday, 19 August, 2025

New SAP NetWeaver Zero-Day RCE Exploit Uses ABAP Backdoors & Dynamic Payloads

A sophisticated zero-day exploit targeting SAP NetWeaver’s ICM component enables unauthenticated attackers to achieve remote code execution (RCE) and install stealthy backdoors. The exploit sends crafted HTTP requests to the metadatauploader endpoint, triggering ABAP code injection and buffer overflow. Attackers insert hidden ABAP programs for persistent access and data theft via SQL manipulation. The script masks itself within legitimate SAP logic—making detection extremely difficult.

Read full story at Cybersecurity News

Tags:SAP attackers code execution

Categories

New SAP NetWeaver Zero-Day RCE Exploit Uses ABAP Backdoors & Dynamic Payloads

Also Read

For paper to cloud: the Future of Exams?

New SAP NetWeaver Zero-Day RCE Exploit Uses ABAP Backdoors & Dynamic Payloads

Credgenics Acquires Majority Stake in Arrise to Create Full-Stack Collections Powerhouse

PixelSky Capital Nets ₹150 Cr in First Close, Eyes ₹400 Cr Target for Indian Secondary Fund

VCs Flock to Indian Developer Tools Startups Amid AI Surge

OpenAI Launches ChatGPT Go in India for ₹399/month, India-Only Tier under $5

Allianz Life Data Breach Exposes 1.1M Customer Records; Wide-Scale Identity Risks

SoftBank Injects $2B into Intel, Becoming Sixth-Largest Shareholder Amid AI Chip Revival

Meta Embarks on Fourth AI Shakeup in Six Months to Turbocharge AGI Push

Subscribe To Our Newsletter.