CVE-2025-42999
Published May 13, 2025
Last updated 6 months ago
- Description: SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
- Source: cna@sap.com
- NVD status: Analyzed
- Products: netweaver
CVSS 3.1
- Type: Secondary
- Base score: 9.1
- Impact score: 6
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: SAP NetWeaver Deserialization Vulnerability
- Exploit added on: May 15, 2025
- Exploit action due: Jun 5, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cna@sap.com
- CWE-502
- Hype score
- Not currently trending
CVE-2025-42999 - SAP Visual Composer Metadata Uploader RCE; found/fixed after NetWeaver chain actively exploited - CyberDudeBivash PostMortem Analysis Read the full report on - https://t.co/IwUtm8YD7O https://t.co/2x7POqtS8P
@cyberbivash
2 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Active exploits target SAP NetWeaver flaws CVE-2025-31324 & CVE-2025-42999. Attackers upload web shells & abuse deserialization for RCE. Patch via SAP Notes 3594142 & 3604119, restrict /metadatauploader, and remove vulnerable components ASAP
@bountyayush
21 Oct 2025
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CRITICAL SAP ALERT! Exploitation of SAP NetWeaver is confirmed via two major flaws: CVE-2025-31324 and CVE-2025-42999. If you run SAP, your core business processes are at risk. Full Report on - https://t.co/3nuikOQQQz https://t.co/HY8CiJ0vKE
@cyberbivash
28 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP NetWeaver RCE (CVE-2025-31324, CVE-2025-42999) Critical flaws allow unauthenticated RCE & system takeover. Patched April/May 2025. Exploited since Feb 10 (Onapsis). 🛡️ Action: Patch now, monitor, restrict access. #SAP #Cybersecurity @avleonovcom https://t.co/I9AFa
@CyberWolfGuard
24 Sept 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👾 CVE-2025-31324 & CVE-2025-42999: SAP NetWeaver Visual Composer RCEs exploited in the wild; public exploits available. Patches released, but thousands of orgs may remain vulnerable. #SAP #NetWeaver #Onapsis ➡️ https://t.co/LJNuwvVSDC https://t.co/vrHq5xugQP
@leonov_av
17 Sept 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP Threat Alert CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver Visual Composer under active exploitation. Attackers can gain SAP admin, steal data & disrupt operations.
@huseyin_yu46083
30 Aug 2025
4 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP Threat Alert CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver Visual Composer under active exploitation. Attackers can gain SAP admin, steal data & disrupt operations. 🔗 Full advisory: https://t.co/OWi56y75cJ #CyberSecurity #SAP #ThreatIntel https://t.co/goc9U
@sequretek_sqtk
29 Aug 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 New Exploit Chains Two Critical SAP NetWeaver Flaws for RCE https://t.co/tSmT9FfKLD A publicly released exploit combines CVE-2025-31324 and CVE-2025-42999 to achieve remote code execution with admin privileges on unpatched NetWeaver servers. The exploit enables stealthy
@Huntio
25 Aug 2025
1303 Impressions
7 Retweets
18 Likes
4 Bookmarks
0 Replies
0 Quotes
🛡️ Public exploit in SAP NetWeaver allows full system takeover. Onapsis warned that an exploit was released that chains two: 1. CVE-2025-31324 (missing authorization) 2. CVE-2025-42999 (insecure deserialization) in SAP NetWeaver. SAP released updates in Apr
@CycuraMX
20 Aug 2025
206 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
#Exploit for critical #SAP Netweaver flaws released (#CVE-2025-31324, CVE-2025-42999) https://t.co/QFSRbWL2uX
@ScyScan
20 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) https://t.co/rwKeswLCsp #HelpNetSecurity #Cybersecurity https://t.co/FbBt1NJJmY
@PoseidonTPA
20 Aug 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. https://t.co/foCm2qJbiM #SAP #NetWeaver #exploit #auth #bypass #RCE #cve #compromised #datatheft #CyberSecurity #CybersecurityNews #threatresq
@ThreatResq
20 Aug 2025
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Public exploit chains SAP NetWeaver flaws CVE-2025-31324 & CVE-2025-42999, enabling remote code execution and bypassing authentication. Attacks active since March, involving ransomware & espionage groups. #SAPFlaws #RemoteCode #Germany https://t.co/GHlqVhiUTV
@TweetThreatNews
19 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShinyHunters release exploit for critical SAP vulnerabilities CVE-2025-31324 & CVE-2025-42999. Immediate patching required to prevent system takeover. Link: https://t.co/VH44Xs4eKV #Security #Exploit #Hacking #Threat #Patch #SAP #CVE #Cyber #Tech #Attack #Breach #Data #Softwa
@dailytechonx
19 Aug 2025
79 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
A newly emerged vulnerability poses serious security risks in SAP NetWeaver systems. This exploit, formed by combining two critical vulnerabilities (CVE-2025-31324 and CVE-2025-42999), bypasses authentication, giving the ability to run code remotely on systems…
@et2mas
19 Aug 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 A new exploit combines two critical vulnerabilities in SAP NetWeaver, exposing unpatched systems to the risk of compromise and data theft. The two vulnerabilities, CVE-2025-31324 and CVE-2025-42999, can bypass authen…
@Cybercachear
19 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new exploit chain targets SAP NetWeaver vulnerabilities CVE-2025-31324 & CVE-2025-42999, enabling remote code execution. Ransomware gangs and Chinese APTs exploited these flaws. #SAPExploits #RemoteCodeExec #ChinaAPT https://t.co/Glxb47TqDs
@TweetThreatNews
19 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new, weaponized exploit for critical #SAP #vulnerabilities CVE-2025-31324 and CVE-2025-42999 is now public. If your systems are unpatched, they're at high risk. Act now: apply SAP security notes 3594142 and 3604119. Get the full story ➡️ https://t.co/w7XaUKhutP #cybersecu
@onapsis
18 Aug 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
⚠️ New threat advisory: SAP zero-days CVE-2025-31324 & CVE-2025-42999 are under active exploitation. Dave DeWalt (@nightdragon) called them among the most serious SAP threats in years. Get intel, IOCs & IR guidance → https://t.co/uTbBHPIoAI #SAPSecurity #CVE2025
@onapsis
23 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilities impacting SAP NetWeaver (CVE-2025-31324 and CVE-2025-42999) https://t.co/DNjFh87FE7 https://t.co/ft6XgGhEwV
@djhsecurity
21 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The main threat centers on two critical vulnerabilities in SAP systems: CVE-2025-31324 and CVE-2025-42999. https://t.co/lNbXfTukiq #alertasdeciberseguridad #Ataquesciberneticos #BarracudaNetworks #Ciberseguridad #Firewall #SAP https://t.co/BBh316TicY
@Cobra_Networks
19 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42999 (CVSS:9.1, CRITICAL) is Analyzed. SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious c..https://t.co/JVQoejyoGK #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
18 May 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. The company issued security updates for this security flaw (CVE-2025-42999) on Monday May 12. https://t.co/nWxJccnpLr https://t.co/dRqiFUujcl
@riskigy
16 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP Issues Emergency Patches for Second Zero-Day Vulnerability! SAP has released critical security updates to patch a second zero-day vulnerability (CVE-2025-42999) affecting NetWeaver servers. This issue was discovered during a broader investigation into previous attacks https:
@ChbibAnas
15 May 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft Patch Tuesday: 78 Flaws, 5 Zero-Days Exploited! 🔍 28 RCE, 20 EoP bugs fixed 🔐 SAP NetWeaver critical flaw (CVE-2025-42999) patched Patch NOW: ✅ CVE-2025-30400 (Win DWM Core) ✅ CVE-2025-29813 (Azure, CVSS 10.0) 🛡️ Protect your systems #PatchTuesday #
@CyberWolfGuard
15 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP fixes vulnerability exploited in zero-day attacks (CVE-2025-42999) #セキュリティ対策Lab #セキュリティ #Security https://t.co/eU7h11mTd1
@securityLab_jp
15 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SAP Patches Second Zero-Day Under Active Exploitation CVE-2025-42999 lets attackers upload web shells & run commands without login. Over 2,000 systems at risk—patch ASAP. https://t.co/niQDeHBYhA #SAP #ZeroDay #CyberSecurity https://t.co/JsUp1pW53Y
@dCypherIO
14 May 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42999: Deserialization of Untrusted Data in SAP NetWeaver, 9.1 rating 🔥 Vuln in SAP NetWeaver allows a privileged attacker to upload arbitrary content. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/QB2bUdSilo #cybersecurity #vulnerability_map https://t
@Netlas_io
14 May 2025
632 Impressions
5 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨SAP Zero-Day Alert! SAP patches another zero-day (CVE-2025-42999) in NetWeaver after active attacks. Over 2,000 servers exposed, 474 compromised. ⚠️ Apply patches now. Disable Visual Composer. Monitor for suspicious activity. #cybersecurity #SAP #Zeroday #TechpostAi ht
@TechPostAI
14 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT UPDATE: Another SAP flaw under active exploitation! CVE-2025-42999 (CVSS 9.1) is now confirmed actively exploited — allows attackers to execute commands via insecure deserialization in NetWeaver. 🛠 Patch now: SAP Note 3604119 Read: https:... https://t.co/X8IpH
@IT_news_for_all
14 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT UPDATE: Another SAP flaw under active exploitation! CVE-2025-42999 (CVSS 9.1) is now confirmed actively exploited — allows attackers to execute commands via insecure deserialization in NetWeaver. 🛠 Patch now: SAP Note 3604119 Read: https://t.co/g1JwIenCu3 http
@TheHackersNews
14 May 2025
10602 Impressions
45 Retweets
94 Likes
8 Bookmarks
0 Replies
1 Quote
🚨 Fortinet fixes zero-day exploited in attacks on FortiVoice systems: CVE-2025-32756 ⚠️ SAP patches second zero-day exploited in recent attacks: CVE-2025-42999 ~Cyber Alert, May 14~ https://t.co/0k8zbEeOq8 #セキュリ
@MachinaRecord
14 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP fixes second zero-day vulnerability exploited in recent attacks (CVE-2025-42999, CVE-2025-31324) https://t.co/mnS0LlmVgw #Security #セキュリティ #ニュース
@SecureShield_
14 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP patches two critical vulnerabilities (CVE-2025-31324 & CVE-2025-42999) exploited in recent zero-day attacks to upload web shells & backdoors. Organizations must update SAP NetWeaver now. 🚨 #SAP #CyberThreats #Germany https://t.co/WkjQyqSzYK
@TweetThreatNews
13 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP has issued patches for CVE-2025-42999 in NetWeaver servers after zero-day attacks, urging users to install them. Investigations revealed unauthorized uploads linked to a Chinese actor, with over 2,040 exposed servers identified. #Security https://t.co/gEysMXna2D
@Strivehawk
13 May 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ SAP security update ❗CVE-2025-42999 ❗CVE-2025-30018 ❗CVE-2025-43010 ❗CVE-2025-43000 ❗CVE-2025-43011 ➡️ More info: https://t.co/FYfAYEsdyL https://t.co/PRTHNHg1wY
@CERTpy
13 May 2025
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42999 SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potenti… https://t.co/L90EIudb71
@CVEnew
13 May 2025
450 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-42999: CRITICAL] Update SAP NetWeaver Visual Composer Metadata Uploader to avoid a security flaw. Careful with untrusted uploads, protect confidentiality, integrity, and availability. #cve, CVE-2025-42999, #cybersecurity https://t.co/WgY9qeO1fO https://t.co/YXaa5SLEdW
@CveFindCom
13 May 2025
74 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "74F7C92A-48F7-456A-BDFF-91A482DE8546",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]