CVE-2025-42999

CRITICAL KEV RANSOMWARE

SAP NetWeaver Visual Composer Metadata Uploader - Code Injection

Description

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Exploits (1)

github SCANNER 8 stars
by Onapsis · python · poc
https://github.com/Onapsis/Onapsis-Mandiant-CVE-2025-31324-Vuln-Compromise-Assessment

Scores

CVSS v3 9.1
EPSS 0.7025
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2025-05-15
VulnCheck KEV 2025-04-27
ENISA EUVD EUVD-2025-14349
Ransomware Use Confirmed

Classification

CWE CWE-502
Status published

Affected Products (1)

sap/netweaver

Timeline

Published May 13, 2025
KEV Added May 15, 2025
Tracked Since Feb 18, 2026