SAP Netweaver Visual Composer Unrestricted File Upload (3084487)

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

CVE-2025-42977 Directory Traversal vulnerability in SAP NetWeaver Visual Composer

SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confidentiality and a low impact on integrity...

SAP NetWeaver Visual Composer 路径遍历漏洞

SAP NetWeaver Visual Composer is a graphical modeling environment in the SAP NetWeaver platform for rapid development and deployment of composite applications. A directory traversal vulnerability exists in SAP NetWeaver Visual Composer, which stems from insufficient input path validation, and can...

Vulnerabilities fixed in SAP products

SAP has fixed multiple vulnerabilities in various SAP products, including NetWeaver, NetWeaver Visual Composer, SAP GUI, pcde, Business Objects, HANA and other components. The vulnerabilities include an unlimited file upload error that allows unauthenticated users to upload malicious files, which...

CVE-2025-42999 Insecure Deserialization in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

CVE-2025-42999 Insecure Deserialization in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver

SAP-CVE-2025-31324 POC A tool to detect and exploit a critica...

CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

CVE-2025-31324

CVE-2025-31324 affects SAP NetWeaver Visual Composer Metadata Uploader (VCFRAMEWORK). Unauthenticated uploads to /developmentserver/metadatauploader allow remote code execution with SAP service user privileges (RCE in VCFRAMEWORK) and can compromise confidentiality, integrity, and availability. C...

SAP NetWeaver Visual Composer Metadata Uploader 代码问题漏洞

SAP NetWeaver Visual Composer Metadata Uploader is a tool for modeling assistance from SAP. A file upload vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader. The vulnerability is due to an unauthenticated agent uploading potentially malicious executable binaries because the...

VulnCheck KEV: CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries...

SAP NetWeaver Visual Composer Remote Code Injection Vulnerability

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A remote code injection vulnerability exists in SAP NetWeaver Visual Composer. An attacker could exploit the...

SAP Netweaver Visual Composer XML External Entity Injection Information Disclosure Vulnerability

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform, the platform can provide development and operation environment for SAP applications. An information disclosure vulnerability exists in SAP Netweaver Visual Composer. An attacker could exploit th...