PT-2025-20812 · SAP · SAP NetWeaver Visual Composer

Published 2025-05-13 · Updated 2026-05-26 · CVE-2025-42999

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver (affected versions not specified)

Description

The Metadata Uploader function of the Visual Composer tool in SAP NetWeaver contains a flaw in its deserialization mechanism. Deserialization is the process of converting a data stream back into an object. This issue allows a privileged user or a remote attacker to execute arbitrary code by sending specially crafted HTTP requests containing untrusted or malicious content. Real-world exploitation of this issue has been recorded, where it was used in conjunction with other flaws to bypass authentication and achieve remote code execution, potentially compromising the confidentiality, integrity, and availability of the host system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2025-05676
CVE-2025-42999

Affected Products

SAP NetWeaver Visual Composer