New SAP NetWeaver Zero-Day RCE Exploit Uses ABAP Backdoors & Dynamic Payloads

Friday, 2 January

Tuesday, 19 August, 2025

New SAP NetWeaver Zero-Day RCE Exploit Uses ABAP Backdoors & Dynamic Payloads

A sophisticated zero-day exploit targeting SAP NetWeaver’s ICM component enables unauthenticated attackers to achieve remote code execution (RCE) and install stealthy backdoors. The exploit sends crafted HTTP requests to the metadatauploader endpoint, triggering ABAP code injection and buffer overflow. Attackers insert hidden ABAP programs for persistent access and data theft via SQL manipulation. The script masks itself within legitimate SAP logic—making detection extremely difficult.

Read full story at Cybersecurity News

Tags:SAP attackers code execution

Download the TechShots App

IT Trends Move Fast. Stay Faster.

Android iOS

Categories

New SAP NetWeaver Zero-Day RCE Exploit Uses ABAP Backdoors & Dynamic Payloads

Also Read

France to Follow Australia's Lead with Proposed Social Media Ban

Trump Media to Distribute Exclusive Digital Tokens to Shareholders in New Crypto Venture

19-kg Commercial LPG Prices Hiked by Over ₹110 on New Year’s Day 2026

UPI Shatters Records in 2025: Annual Transaction Value Hits Rs 300 Lakh Crore

Industry Spars with Government Over Tighter Rules for Chip Design Incentive Scheme

Elon Musk Claims Massive Tax Bill Overwhelmed IRS Systems

Cognizant Hit With U.S. Lawsuits Following Major TriZetto Healthcare Data Breach

Samsung Electronics Secures Customer Praise for High-Performance HBM4 Chip Competitiveness

Sony PS6 Launch Facing Potential Delays Due to Global Memory Shortage

Download the TechShots App

Subscribe To Our Newsletter.