📄 SAP NetWeaver 7.50 Visual Composer Metadata Shell Upload

SAP NetWeaver Visual Composer contains an unauthenticated file upload vulnerability in the metadata uploader component that allows attackers to upload arbitrary files including JSP web shells and WAR applications, leading to remote code execution on the SAP server. The vulnerability exists in the...

SAP NetWeaver Visual Composer Metadata Uploader Installed

Binary data sapnwmduinstalled.nbin...

SAP NetWeaver Visual Composer Metadata Uploader Deserialization Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader is a component in SAP NetWeaver for uploading metadata. A deserialization vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader that originates from deserializing malicious content, which can be exploited by an attacker to cause a...

SAP Netweaver Visual Composer Multiple Vulnerabilities (May 2025)

SAP NetWeaver Visual Composer is affected by multiple vulnerabilities, including the following: - SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of...

CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

PT-2025-20812

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Visual Composer affected versions not specified Description The issue arises when a privileged user uploads untrusted or malicious content, which upon deserialization, could compromise the confidentiality, integrity, and...

CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. Recent assessments: Assessed Attacker...

SAP NetWeaver Visual Composer Metadata Uploader 安全漏洞

SAP NetWeaver Visual Composer Metadata Uploader is a component in SAP NetWeaver for uploading metadata. A deserialization vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader that originates from deserializing malicious content, which can be exploited by an attacker to cause a...

Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...

Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver

CVE-2025-31324 CVE-2025-31324, SAP Exploit POST /developme...

VulnCheck KEV: CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content...

CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

CVE-2017-9844

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer...