SAP, the global enterprise software giant, has urgently issued security patches to fix a second zero-day vulnerability exploited in real-world cyberattacks. The vulnerability targeted SAP NetWeaver, a key component in many enterprise infrastructures. This revelation follows closely on the heels of another previously patched zero-day flaw, highlighting a growing trend of targeted exploitation against mission-critical enterprise systems.
What Happened?
SAP disclosed that the new zero-day vulnerability, now patched, was actively exploited by threat actors in recent attacks. The flaw affects SAP NetWeaver Application Server Java (AS Java). Left unpatched, it allows attackers to gain unauthorized access, escalate privileges, and potentially take control of affected SAP systems.
According to SAP’s security bulletin, the vulnerability, tracked as CVE-2024-4135, has a CVSS v3 score of 9.9, marking it as a critical issue. It enables unauthenticated remote attackers to exploit the flaw without needing any valid credentials—making it an attractive target for cybercriminals.
Key Vulnerability Details:
- Name: CVE-2024-4135
- Severity: Critical (CVSS Score 9.9/10)
- Affected Component: SAP NetWeaver AS Java
- Attack Vector: Remote
- Authentication Required: No
For official details and patch downloads, refer to SAP Security Patch Day – May 2025.
Why This Matters
SAP software runs critical processes in over 400,000 companies worldwide, including 92% of the Forbes Global 2000. When a vulnerability is found in such a core component, it puts global supply chains, financial operations, and sensitive data at immediate risk.
Recent cyberattacks are increasingly sophisticated, often exploiting zero-day flaws before vendors can release patches. These attacks are typically carried out by Advanced Persistent Threat (APT) groups, often linked to state-sponsored cyber espionage or high-level financial cybercrime.
Timeline of Exploitation
- April 2025: Security researchers discovered signs of active exploitation in the wild targeting SAP NetWeaver systems.
- Early May 2025: SAP’s internal team, in collaboration with cybersecurity partners, confirmed the presence of a new zero-day vulnerability.
- May 14, 2025: SAP released a security patch addressing CVE-2024-4135.
- Ongoing: Threat detection companies continue to observe attempts to exploit unpatched systems globally.
Who Is Affected?
Organizations using outdated versions of SAP NetWeaver AS Java are at the highest risk. This includes companies that haven’t yet applied recent security patches or have exposed SAP services to the internet—a common misconfiguration that significantly increases vulnerability.
Industries Most at Risk:
- Finance and Banking
- Manufacturing
- Government
- Healthcare
- Energy and Utilities
Expert Commentary
According to Onapsis, a leading SAP cybersecurity firm, the number of threat actors focusing on ERP systems has tripled in the last year. Their analysts observed increased probing of SAP NetWeaver ports and exploit kit activity on underground forums leading up to the patch.
“This second zero-day confirms that attackers are not just stumbling upon these flaws; they are actively researching SAP internals. Enterprises need to prioritize ERP security now more than ever.”
— Mariano Nunez, CEO, Onapsis
How to Mitigate the Risk
1. Apply SAP Patch Immediately
SAP has provided a hotfix for CVE-2024-4135. It’s imperative to apply it as soon as possible. Delay could mean exposure to ransomware, data theft, or system compromise.
2. Audit Public-Facing SAP Services
Use tools like Shodan or Nmap to identify exposed SAP services. Make sure no SAP system is accessible from the internet without strict firewall rules.
3. Monitor for Indicators of Compromise (IoCs)
SAP and its partners have released IoCs associated with this vulnerability. Organizations should integrate these into their SIEM solutions to detect signs of past or ongoing exploitation.
4. Implement Role-Based Access Control
Even if an attacker gains initial access, least privilege configurations can limit damage. Regularly review and restrict SAP user permissions.
5. Use a SAP Security-as-a-Service Solution
Consider adopting a third-party solution to monitor SAP systems for threats in real time.
Internal Link: Learn More About Cyber Threats
For in-depth guides on preventing and mitigating advanced cyber threats, visit our Cybersecurity News & Updates section on Cyber Cloud Learn.
External Resources
Impact on Cloud Environments
While the flaw directly affects on-premise SAP NetWeaver, many companies have hybrid deployments with cloud-hosted SAP instances on platforms like AWS, Azure, and Google Cloud. If not configured correctly, these environments can still be vulnerable to the same exploits.
Organizations using SAP S/4HANA in the cloud should work with their service providers to ensure patch propagation and proper network segmentation are enforced.
SEO Focus Keywords
To enhance visibility, we’ve included trending cybersecurity keywords relevant to this topic:
- SAP zero-day vulnerability
- CVE-2024-4135
- NetWeaver patch update
- enterprise ERP security
- SAP security patch May 2025
- critical SAP exploit
- cyberattack SAP NetWeaver
- SAP Java vulnerability
- SAP zero-day exploit 2025
- ERP system security
These keywords align with current search trends and can help boost your Google ranking when implemented effectively across blog headings, meta descriptions, and alt texts.
Lessons for the Cybersecurity Community
This incident underlines the critical need for proactive security in enterprise applications. While SAP remains one of the most secure enterprise platforms, the sheer complexity of its architecture creates multiple avenues for exploitation if not diligently maintained.
Organizations must treat ERP cybersecurity with the same priority as endpoint protection or cloud security. Neglecting this domain could expose sensitive business processes, intellectual property, and customer data to malicious actors.
Final Thoughts
The second zero-day flaw patched by SAP in less than a month is a wake-up call for enterprises worldwide. With cyber threats growing more complex and frequent, businesses must stay vigilant, apply patches promptly, and invest in robust SAP security monitoring solutions.
At Cyber Cloud Learn, we are committed to delivering timely, actionable insights to help your organization defend against evolving cyber threats. Stay informed, stay secure.
For more articles like this, explore our Cloud Security Section and subscribe to our newsletter for weekly updates.