Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-42977

SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confidentiality and a low impact on integrity.

Published

2025-06-10T01:15:21.220

Last Modified

2025-06-12T16:06:39.330

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

References

https://me.sap.com/notes/3610591 ([email protected])
https://url.sap/sapsecuritypatchday ([email protected])