CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
Description
SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confidentiality and a low impact on integrity.
Analysis
SAP NetWeaver Visual Composer contains a directory traversal vulnerability (CWE-22) that allows high-privileged users to bypass path validation controls and read or modify arbitrary files on the system. The vulnerability affects SAP NetWeaver Visual Composer across supported versions and has a CVSS score of 7.6 due to its high confidentiality impact and network-accessible attack vector, though exploitation requires high privileges (PR:H). Exploitation likelihood and KEV/POC status cannot be confirmed from the available data, but the high-privilege prerequisite makes real-world exploitability significantly lower than the base CVSS score suggests.
Technical Context
This vulnerability exists in SAP NetWeaver Visual Composer, a visual development and composition platform for enterprise applications within the SAP NetWeaver ecosystem. The root cause is insufficient input validation (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) in the file path handling logic. When processing file paths provided by high-privileged users (likely administrators or system designers), the application fails to properly normalize and validate input paths, allowing traversal sequences (e.g., '../../../') or absolute path injection to escape the intended directory boundaries. This affects file I/O operations within the Visual Composer's design-time or runtime environment, potentially exposing sensitive configuration files, source code, or system files. The vulnerability is network-accessible (AV:N), suggesting it may be exploitable through web interfaces, but it requires a high privilege level (PR:H) to trigger, limiting the attack surface to authenticated administrative users.
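The control missing in the scenario above is canonicalization of the supplied path followed by a containment check against the permitted base directory. The block below is an added illustrative example in Python, not SAP's code (Visual Composer itself is Java-based): a naive filter of the kind that lets traversal through sits beside a hardened resolver, and the base directory, file names and symlink are a constructed fixture.

```python
"""Path-containment check of the kind the traversal described above lacks.
Added example, not SAP code: base directory, file names and the 'weak' filter are constructed."""
import os
import tempfile
from pathlib import Path


def weak_resolve(base: str, user_path: str) -> str:
    """Naive filter: rejects only a leading '../'. Embedded '..' segments and
    absolute paths both slip through, because os.path.join discards base for the latter."""
    if user_path.startswith("../"):
        raise ValueError("traversal rejected")
    return os.path.join(base, user_path)


def safe_resolve(base: str, user_path: str) -> Path:
    """Hardened: canonicalize (symlinks included) and require the result to stay under base."""
    if "\0" in user_path:
        raise ValueError("NUL byte in path")
    base_real = Path(base).resolve(strict=True)
    # pathlib drops base_real entirely when user_path is absolute, so the
    # containment test below is what actually rejects absolute-path injection.
    candidate = (base_real / user_path).resolve()
    if base_real not in candidate.parents:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_contained(base: str, user_path: str) -> bool:
    """Verdict-only wrapper around safe_resolve."""
    try:
        safe_resolve(base, user_path)
        return True
    except ValueError:
        return False


def make_sandbox() -> tuple:
    """Constructed fixture: base dir holding reports/q1.xml plus, where the platform
    allows, a symlink reports/escape -> /etc. Returns (base, symlink_created)."""
    base = tempfile.mkdtemp(prefix="vc_files_")
    reports = Path(base, "reports")
    reports.mkdir()
    (reports / "q1.xml").write_text("<model/>")
    try:
        (reports / "escape").symlink_to("/etc", target_is_directory=True)
        return base, True
    except OSError:
        return base, False
```

The symlink case matters because a check that only inspects the string would accept `reports/escape/hosts`, while resolving first reveals that it lands outside the base directory.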
Affected Products
SAP NetWeaver Visual Composer (specific affected versions not enumerated in the provided data). CPE data is not provided in the source material, but the affected product likely matches cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:* or cpe:2.3:a:sap:netweaver_visual_composer:*:*:*:*:*:*:*:*. Consult SAP Security Patch Day advisories and the SAP Note database for precise version ranges. Contact SAP support or review the SAP Product Availability Matrix (PAM) for the complete list of affected Visual Composer releases and corresponding NetWeaver versions.
Remediation
Apply SAP security patches released for NetWeaver Visual Composer addressing CVE-2025-42977 (specific patch versions not provided in source data). Mitigation steps:
(1) Consult SAP Security Patch Day announcements and security advisories for affected version patches;
(2) Implement strict access controls limiting Visual Composer administrative accounts to users with legitimate design-time responsibilities;
(3) Monitor and audit all file operations initiated by Visual Composer components using file system auditing (Windows Event Log, Linux auditd);
(4) Apply the principle of least privilege to service accounts running Visual Composer, restricting file system access to only the necessary directories;
(5) If patching is delayed, disable or restrict network access to Visual Composer design-time interfaces;
(6) Review and strengthen authentication mechanisms for Visual Composer administrative interfaces (multi-factor authentication for privileged accounts).
Vendor advisory: Await SAP Security Patch Day release notes or search SAP Service Marketplace (support.sap.com) for vulnerability resolution details.
EUVD-2025-17605