CVE-2025-42999 Insecure Deserialization in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

Deserialization of untrusted data

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...