【Vulnerability Alert】SAP Patches Critical Security Vulnerability in NetWeaver Application Server (CVE-2025-42999)

Posted Date: 2025/05/22 \

Subject: 【Vulnerability Alert】SAP Patches Critical Security Vulnerability in NetWeaver Application Server (CVE-2025-42999)

Description:
- Forwarded by Taiwan Computer Network Crisis Coordination Center TWCERTCC-200-202505-00000017
- SAP has announced a critical security vulnerability in its NetWeaver Application Server (CVE-2025-42999, CVSS: 9.1). This vulnerability exists in the Visual Composer Metadata Uploader component. When privileged users upload untrusted or malicious content, if the content is deserialized, it may cause damage to the host system.
Affected Platforms:
- VCFRAMEWORK version 7.50 of SAP NetWeaver
Recommended Actions:
- Please visit the official website for patching:
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2025.html
References:
- https://www.twcert.org.tw/tw/cp-169-10128-90f3a-1.html

Computer and Communication Center
Network Systems Group