CVE-2025-42999: SAP NetWeaver Deserialization Vulnerability. SAP NetWeaver

SAP NetWeaver Deserialization Vulnerability. SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.

• CISA KEV-listed (remediation due 2025-06-05)
• EPSS 38.6% (97.3% percentile)

Browse the CVE database

Read the full analysis on IntelFusions