Critical vulnerability in SAP NetWeaver enables malicious file uploads

This advisory documents exploitation of SAP CVE-2025-31324, recommends log hunting for requests to /developmentserver/metadatauploader, and instructs searching J2EE directories for unexpected JSP web shells. It enumerates IOCs including IPs, domains, URLs (notably links to config.sh and xmrig-related scripts), and malicious filenames to support detection and mitigation.