SAP NetWeaver Metadata Uploader Vulnerability (CVE-2025-31324)

CVE-2025-31324 is a critical unauthenticated arbitrary file upload vulnerability in SAP NetWeaver Development Server's metadatauploader endpoint that enables remote code execution; active exploitation began in March–April 2025 and escalated after an August 2025 public exploit release, with observed JSP web shells and a Linux backdoor (Auto-Color). The report provides technical details, IoCs (file hashes, URIs, request patterns), MITRE ATT&CK mappings, and remediation advice including applying the September 2025 SAP patch, network restrictions, and IDS/EDR detection recommendations.