This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals.
Threat Intelligence
ReliaQuest and watchTowr have confirmed that CVE-2025-31324 is being actively exploited in the wild.
System Affected
  • VCFRAMEWORK version 7.50
Risk
Government:
- Large and medium government entities: High
- Small government entities: Medium
Businesses:
- Large and medium business entities: High
- Small business entities: Medium
Home Users: Low
Recommendations
  • Apply appropriate updates provided by SAP to vulnerable systems immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Use vulnerability scanning to find potentially exploitable software vulnerabilities and remediate them.
  • Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
References
  • ReliaQuest: https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US
  • BleepingComputer: https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
Reporting
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.