6

CVE-2025-24870

EPSS 0.03%
Veröffentlicht 11.02.2025 01:15:11
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Insecure Key & Secret Management vulnerability in SAP GUI for Windows

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity, and availability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAP GUI for Windows

Default Statusunaffected

Version BC-FES-GUI 8.00

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.084

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	6	1.5	4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-921 Storage of Sensitive Data in a Mechanism without Access Control

The product stores sensitive information in a file system or device that does not have built-in access control.

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3562336

https://nvd.nist.gov/vuln/detail/CVE-2025-24870

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-24870

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-24870

EUVD