CVE-2025-42943

EPSS 0.05%
Veröffentlicht 12.08.2025 02:05:44
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Information Disclosure in SAP GUI for Windows

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAP GUI for Windows

Default Statusunaffected

Version BC-FES-GUI 8.00

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.16

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	4.5	0.9	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3627845

https://nvd.nist.gov/vuln/detail/CVE-2025-42943

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42943

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42943

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-42943