A critical vulnerability in SAP NetWeaver, tracked as CVE-2025-42999, is being actively exploited in the wild, posing a significant threat to organizations using the Visual Composer development server. The flaw, which has a CVSS score of 9.1, allows a privileged user to upload untrusted or malicious content. This content, when deserialized, can compromise the confidentiality, integrity, and availability of the host system.
The vulnerability was published on May 13, 2025, and was added to the Known Exploited Vulnerabilities (KEV) catalog on May 15, 2025, highlighting its critical nature and the urgency for remediation. With an Exploit Prediction Scoring System (EPSS) score of 0.503, the likelihood of exploitation is significant, and the vulnerability was exploited within just one day of disclosure, underscoring the rapidity with which attackers have moved to leverage this flaw.
The vulnerability stems from improper handling of serialized data in the SAP NetWeaver Visual Composer Metadata Uploader. This can lead to remote code execution, allowing attackers to potentially take full control of affected systems. Given the criticality of the flaw, organizations using SAP NetWeaver should prioritize patching to mitigate the risk of exploitation.
SAP has released patches to address this vulnerability, and security teams are advised to apply these updates immediately. The Security Software Vulnerability Classification (SSVC) recommends attending to this issue promptly to prevent potential breaches. Organizations should also review their systems for any signs of compromise and ensure that their security measures are up to date to defend against such attacks.
CSURFACE