The cybercriminal group ShinyHunters publicly released a weaponized exploit targeting critical SAP NetWeaver Visual Composer vulnerabilities (CVE-2025-31324 & CVE-2025-42999), enabling unauthenticated attackers to achieve full system takeover, remote code execution, and SAP administrator (adm) privilege escalation. The exploit chains an authentication bypass and a deserialization flaw, allowing arbitrary OS command execution, unrestricted access to sensitive business data, and potential lateral movement across enterprise systems. The exploit’s reusable deserialization gadget extends its threat scope to other recently patched SAP vulnerabilities (e.g., CVE-2025-30012, CVE-2025-42980), indicating advanced adversary knowledge of SAP’s architecture. Organizations failing to apply SAP Security Notes 3594142 and 3604119 risk complete compromise of ERP systems, including financial data, intellectual property (patents), customer records, and operational processes. The exploit’s public availability on Telegram and X (Twitter) amplifies the risk of widespread automated attacks, with potential cascading effects on supply chains, regulatory compliance (e.g., GDPR), and business continuity. The attack vector’s CVSS 10.0 severity underscores its capacity to disrupt core business functions, trigger ransomware deployments, or facilitate data exfiltration for espionage or financial fraud. Immediate patching and network segmentation are critical to mitigate exposure.