CVE-2025-42999 is a SAP NetWeaver deserialization vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-05-15. That KEV listing means the issue is confirmed to be exploited in the wild, so remediation should be treated as urgent even though the supplied corpus does not include a CVSS score or a detailed vendor impact statement. SAP’s guidance is referenced by CISA, and the s [truncated]
CVE-2025-31324 is a SAP NetWeaver unrestricted file upload vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-04-29. CISA also marks it as having known ransomware campaign use, which raises the defensive priority even though no CVSS score was provided in the supplied corpus. Organizations running SAP NetWeaver should treat this as an urgent exposure to assess, mitigate, a [truncated]
CISA has added CVE-2017-12637, described as a SAP NetWeaver directory traversal vulnerability, to its Known Exploited Vulnerabilities catalog. For defenders, that means the issue is considered known to be exploited and should be treated as urgent. CISA’s listed guidance is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations [truncated]
CVE-2019-0344 is a deserialization of untrusted data vulnerability in SAP Commerce Cloud. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-09-30, indicating known exploitation. The supplied corpus does not include the full vendor advisory text, so the safest response is to follow SAP’s mitigation guidance immediately or discontinue use if mitigations are not available.
