China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
ID: a6d0405d-518b-5b10-9bbc-018428e2acd7
STIX ID: report--a6d0405d-518b-5b10-9bbc-018428e2acd7
Feed Name: EclecticIQ
EclecticIQ reports that China‑nexus APTs actively exploited an unauthenticated file‑upload vulnerability in SAP NetWeaver Visual Composer (CVE-2025-31324) to deploy webshells and multi‑stage malware (KrustyLoader, SNOWLIGHT, VShell), compromising hundreds of systems across critical infrastructure sectors worldwide; the report includes observed C2/IOCs, attacker TTPs, victimology, and mitigation/detection recommendations.
