By: RedLegg's Cyber Threat Intelligence Team
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES:
SAP NetWeaver Visual Composer Metadata Uploader Insecure Deserialization Vulnerability
CVSS Score: 9.1 (Critical)
Identifier: CVE-2025-42999
Exploit or Proof of Concept (PoC): Yes – Actively exploited in the wild
Update: CVE-2025-42999 – SAP Security Advisory
Description: CVE-2025-42999 is a critical vulnerability in the Metadata Uploader component of SAP NetWeaver Visual Composer. The flaw arises from insecure deserialization: a privileged user can upload untrusted or malicious content, and when that content is deserialized it could compromise the confidentiality, integrity, and availability of the host system. This vulnerability has been actively exploited in the wild, often in conjunction with CVE-2025-31324, to execute arbitrary commands remotely without authentication.
Mitigation Recommendation: SAP has released Security Note 3604119 to address this vulnerability. Administrators are strongly advised to apply this update immediately. Additionally, it is recommended to disable the Visual Composer service if not in use, restrict access to metadata upload functions, and monitor systems for any unusual activity.
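The last two mitigation steps, restricting access to the metadata upload function and monitoring for unusual activity, are easiest to act on with a log check. The script below is an added example and is not RedLegg or SAP code: it scans web-server access log lines in the common Apache/NGINX "combined" format and flags requests to the metadata uploader endpoint that come from hosts outside an allow-list, that are accepted uploads from allowed hosts (worth reviewing), or that arrive at all when Visual Composer is supposed to be disabled. The endpoint path (UPLOADER_PATH), the allow-list, and the log lines are assumptions constructed for the example; replace the path with the one documented for your system in SAP Note 3604119.

```python
"""Flag access-log requests to the Visual Composer metadata uploader.

Added example, not RedLegg's or SAP's code. Assumptions (constructed for
illustration): combined-format access logs, the endpoint path below, and the
allow-list of hosts permitted to use the uploader.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Placeholder: set to the uploader endpoint documented in SAP Note 3604119.
UPLOADER_PATH = "/example/metadata-uploader"
# Assumed: the only hosts that should ever reach the uploader.
ALLOWED_SOURCES = {"10.0.0.5"}

# Apache/NGINX "combined" log format; fields we do not use are skipped.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Finding:
    src: str
    ts: str
    method: str
    path: str
    status: int
    reason: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(lines, uploader_path=UPLOADER_PATH, allowed=ALLOWED_SOURCES,
         service_disabled=False):
    """Return a Finding for every uploader request that violates policy.

    service_disabled=True means Visual Composer has been turned off, so any
    request to the uploader is unexpected and is flagged.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than failing the scan
        path = rec["path"].split("?", 1)[0]  # drop the query string
        if not path.lower().startswith(uploader_path.lower()):
            continue  # not the uploader endpoint
        status = int(rec["status"])
        if service_disabled:
            reason = "request to uploader while service should be disabled"
        elif rec["src"] not in allowed:
            reason = "uploader request from source outside allow-list"
        elif rec["method"].upper() == "POST" and status < 400:
            reason = "accepted upload from allowed source (review content)"
        else:
            continue  # allowed host, non-upload or rejected request
        findings.append(Finding(rec["src"], rec["ts"], rec["method"],
                                path, status, reason))
    return findings


def summarize(findings):
    """Count findings per source address, to spot the noisiest hosts."""
    return Counter(f.src for f in findings)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/May/2025:10:01:02 +0000] "POST /example/metadata-uploader HTTP/1.1" 200 512',
    '10.0.0.5 - - [13/May/2025:10:01:09 +0000] "GET /example/metadata-uploader HTTP/1.1" 200 100',
    '203.0.113.7 - - [13/May/2025:10:03:11 +0000] "POST /example/metadata-uploader?x=1 HTTP/1.1" 200 3072',
    '203.0.113.7 - - [13/May/2025:10:03:12 +0000] "GET /example/metadata-uploader HTTP/1.1" 404 0',
    '198.51.100.2 - - [13/May/2025:10:05:00 +0000] "GET /irj/portal HTTP/1.1" 200 1024',
    'not a log line',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.src} {f.method} {f.path} {f.status}: {f.reason}")
    print(summarize(scan(SAMPLE_LOG)))
```

Run it as-is to see the constructed sample flagged, or feed it real log lines with `scan(open(path))`. Once Visual Composer has been disabled, run with `service_disabled=True` so that any request to the endpoint, even a rejected one, is reported.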
Note: Given the active exploitation of this vulnerability, prompt action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.