CVE-2025-42999 Insecure Deserialization in SAP NetWeaver (Visual Composer development server)

May 14, 2025 invoker category_news

Security Update News

Update Information

Title CVE-2025-42999 Insecure Deserialization in SAP NetWeaver (Visual Composer development server)
Update ID CVELIST:CVE-2025-42999
Type cvelist
Published 2025-05-13T00:17:43
Last Updated 2025-05-13T01:38:43

Security Impact

CVSS Score 9.1
Severity CRITICAL
Attack Vector NETWORK

Affected CVEs

  • CVE-2025-42999

Update Details

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.