CVE-2025-42999 — SAP NetWeaver Deserialization Vulnerability

Description

SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.

How to fix CVE-2025-42999

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2025-42999 being exploited?

Yes — CVE-2025-42999 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.