On August 15, 2025, exploit code was released that chains two critical vulnerabilities in SAP NetWeaver’s Visual Composer to bypass authentication and achieve remote code execution.