CVE-2025-42999

Critical KEV CVSS: 9.1

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Vendor

Sap

Product

Netweaver

CWE

CWE-502

Yayın Tarihi

2025-05-13 01:15:48

Güncelleme

2025-10-31 21:58:56

Source Identifier

cna@sap.com

KEV Date Added

2025-05-15

Kategoriler

CWE-502 Netweaver CRITICAL Sap 2025

Referanslar

https://me.sap.com/notes/3604119 https://url.sap/sapsecuritypatchday https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-42999

Benzer Kayıtlar

Medium

CVE-2026-24314

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which…

Medium

CVE-2026-24327

Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages),…

Medium

CVE-2026-24328

SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when cli…

Medium

CVE-2026-24325

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripti…

Medium

CVE-2026-24326

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker w…

Medium

CVE-2026-24321

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these op…