CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.117

EPSS Ranking 93.3%

CVSS Severity

CVSS v3 Score 9.1

Proposed Action

SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.

Ransomware Campaign

Unknown

References

https://me.sap.com/notes/3604119
https://url.sap/sapsecuritypatchday
https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Products affected by CVE-2025-42999

Sap » Netweaver » Version: 7.5

cpe:2.3:a:sap:netweaver:7.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-42999

Products

Pricing

Contact Us