Hunting 0-days in SAP: A Security Engineer's Tale

Popular：

Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Hunting 0-days in SAP: A Security Engineer's Tale

2025-04-12

A security engineer, while working on an SAP project, discovered and exploited two 0-day vulnerabilities in SAP setuid binaries, achieving local privilege escalation. The blog post details the vulnerability discovery process, from target identification and analysis to exploitation, culminating in root access. A tool called SAPCARve, developed to parse and manipulate SAP SAR archives, aided in the exploitation. Both vulnerabilities were assigned CVE-2024-47595 by SAP.

(www.anvilsecure.com)

Development vulnerability research security engineering

Apache Iceberg: Revolutionizing Geospatial Data Lakes

Delusions: A Broader, Culturally Informed Perspective