On April 24, 2025, SAP disclosed CVE-2025-31324, a critical vulnerability (CVSS 10.0) in SAP NetWeaver’s Visual Composer Framework (version 7.50). This flaw allows unauthenticated attackers to upload arbitrary files via the /developmentserver/metadatauploader endpoint, potentially leading to remote code execution and full system compromise....