CVE-2025-42999CISA KEV: Actively Exploited

SAP NetWeaver Deserialization Vulnerability

Published May 15, 2025·Updated May 15, 2025

Description

SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free