In a stunning show of progress, the tech world has managed to combine the thrill of a scavenger hunt with the convenience of shopping at a secondhand store. Thanks to a brand-new exploit circulating the digital alleys, hackers can now enjoy a two-for-one deal, chaining two critical SAP NetWeaver flaws, CVE-2025-31324 and CVE-2025-42999, to bypass authentication and achieve remote code execution. Who knew wholesale hacking could be this accessible?

The digital marketplace, apparently inspired by the retail industry’s penchant for BOGO sales, has made it easier than ever for organizations to experience the joy of system compromise and data theft without ever leaving their keyboards. Why wait for Black Friday when remote code execution is just a few clicks away? It’s the holiday gift that keeps on giving, or taking, rather.

SAP, ever the trendsetter in the enterprise world, has already patched these vulnerabilities, lending a certain retro charm to those systems that remain unpatched. It’s like running Windows XP in a world of Windows 11; quaint, but deeply unsettling. Experts suggest updating immediately, though perhaps keeping an eye out for the limited edition vinyl record version of your security breach.