VDB
CNVD-2025-14970
CNVD-2025-14970
PUBLISHED
CVSS 9.100000381469727 CRITICAL
SAP NetWeaver Visual Composer Metadata Uploader是SAP NetWeaver中的一个组件,用于上传元数据。 SAP NetWeaver Visual Composer Metadata Uploader存在反序列化漏洞,该漏洞源于反序列化恶意内容,攻击者可利用该漏洞导致主机系统安全受损。
Risk Scores
CVSS v3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP NetWeaver (Visual Composer development server) | * |
Exploit Intelligence
- CIRCL exploited: CVE-2025-42999 (circl-sighting)
- https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/ (circl)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-42999 (circl)
- https://me.sap.com/notes/3604119 (circl)
- https://url.sap/sapsecuritypatchday (circl)
- CIRCL seen: CVE-2025-42999 (circl-sighting)
- CIRCL seen: CVE-2025-42999 (circl-sighting)
- CIRCL seen: CVE-2025-42999 (circl-sighting)
- CIRCL seen: CVE-2025-42999 (circl-sighting)
- CIRCL seen: CVE-2025-42999 (circl-sighting)
…and 47 more exploits
Timeline
- Jul 9, 2024 CVE Published
- May 13, 2025 PoC Published
- May 13, 2025 PoC Published
- May 14, 2025 PoC Published
- May 14, 2025 PoC Published
- May 14, 2025 PoC Published
- May 14, 2025 PoC Published
- May 14, 2025 PoC Published
- May 14, 2025 PoC Published
- May 14, 2025 PoC Published
- May 14, 2025 PoC Published
- May 15, 2025 PoC Published