CVE-2025-0055

EPSS 0.03%
Published 14.01.2025 01:15:15
Last modified 14.01.2025 01:15:15
Source cna@sap.com
Teams watchlist Login
Open Login

SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorSAP_SE

≫

Product SAP GUI for Windows

Default Statusunaffected

Version BC-FES-GUI 8.0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.074

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cna@sap.com	6	1.5	4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3472837

https://nvd.nist.gov/vuln/detail/CVE-2025-0055

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0055

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0055

EUVD