CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-42999

criticalknown exploitedcovered by 1 sourcefirst seen 2025-05-15
Actively exploited. CVE-2025-42999 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-05-15) — exploitation has been observed in the wild, and US federal agencies are required to remediate it under BOD 22-01. Treat patching as urgent.
SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.

CSIRTS triage

What
A deserialization vulnerability allows a privileged attacker to compromise the system's confidentiality, integrity, and availability.
Who is affected
Deployments of SAP NetWeaver that utilize the Visual Composer Metadata Uploader.
Urgency
Immediate remediation is necessary due to active exploitation and critical severity.
Action
Apply the latest security patch from SAP to mitigate the risk.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2025-42999

Get an email if CVE-2025-42999 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2025-42999

CVE.org record

CISA KEV catalog

Embed the live status

CVE-2025-42999 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-42999 status](https://www.csirts.com/badge/CVE-2025-42999)](https://www.csirts.com/cve/CVE-2025-42999)