| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-42999 | SAP NetWeaver Deserialization Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This deserialization vulnerability in NetWeaver Visual Composer, when chained with CVE-2025-31324, allows an attacker to execute unauthenticated remote code with administrator privileges, leading to consequences such as web shell deployment.
References
|
| CVE-2025-42999 | SAP NetWeaver Deserialization Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution |
Comments
This deserialization vulnerability in NetWeaver Visual Composer, when chained with CVE-2025-31324, allows an attacker to execute unauthenticated remote code with administrator privileges, leading to consequences such as web shell deployment.
References
|
| CVE-2025-42999 | SAP NetWeaver Deserialization Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This deserialization vulnerability in NetWeaver Visual Composer, when chained with CVE-2025-31324, allows an attacker to execute unauthenticated remote code with administrator privileges, leading to consequences such as web shell deployment.
References
|
| CVE-2025-42999 | SAP NetWeaver Deserialization Vulnerability | secondary_impact | T1505.003 | Web Shell |
Comments
This deserialization vulnerability in NetWeaver Visual Composer, when chained with CVE-2025-31324, allows an attacker to execute unauthenticated remote code with administrator privileges, leading to consequences such as web shell deployment.
References
|