CVE-2025-42943

EPSS 0.07%
Veröffentlicht 12.08.2025 02:05:44
Zuletzt bearbeitet 12.08.2025 14:25:33
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAP GUI for Windows

Default Statusunaffected

Version BC-FES-GUI 8.00

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.212

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	4.5	0.9	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3627845

https://nvd.nist.gov/vuln/detail/CVE-2025-42943

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42943

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42943

EUVD