SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Related CVEs

CVE-2025-31324

Key Information

GHSA ID

GHSA-7w9p-pr7x-mjw2

Published

April 24, 2025 6:31 PM

Last Modified

October 22, 2025 12:33 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: November 24, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.