PT-2025-20812 · Sap · Sap Netweaver Visual Composer

**Published:** 2025-05-13 · **Updated:** 2025-09-14 · CVE-2025-42999

**CVSS v3.1:** 9.1 (Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

**Name of the Vulnerable Software and Affected Versions:**

SAP NetWeaver Visual Composer Metadata Uploader (affected versions not specified)

**Description:**

SAP NetWeaver Visual Composer Metadata Uploader is susceptible to an insecure deserialization issue. A privileged user can upload untrusted or malicious content which, upon deserialization, could compromise the confidentiality, integrity, and availability of the host system; in effect, the flaw allows an attacker to execute commands through insecure deserialization. Reports indicate active exploitation of this issue, attributed to a Chinese actor, with over 2,000 servers exposed and 474 compromised. The vulnerability stems from flaws in the deserialization mechanism of the Visual Composer development server and is used in combination with CVE-2025-31324. An exploit chain exists that bypasses authentication and enables remote code execution.

**Recommendations:**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Tags:** Exploit · RCE

**Weakness Enumeration:** Deserialization of Untrusted Data

**Related Identifiers:**

- BDU:2025-05676
- CVE-2025-42999

**Affected Products:**

- Sap Netweaver Visual Composer