// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-wedgDTG 0600Z
Breach Record

SAP

DISCLOSED 2025-05-20 · RANSOMWARE · RANSOMWARE

The Qilin ransomware group exploited CVE-2025-31324, a critical zero-day in SAP NetWeaver Visual Composer, weeks before its public disclosure. The vulnerability allowed unauthenticated attackers to upload web shells for remote code execution. Defensive controls, including EDR, blocked post-exploitation activities, preventing lateral movement and data exfiltration.

The record

What we know

Disclosed
2025-05-20
Attack vector
Ransomware
RANSOMWARE
Sources

Cited reporting

Similar vector · recent

Other ransomware breaches on file

This page is the permanent ColdRecon entry for the SAP disclosure. It updates if new public reporting emerges. All tracked breaches →

SAP just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →