CVE-2025-42943

EPSS 0.07%
Published 12.08.2025 02:05:44
Last modified 12.08.2025 14:25:33
Source cna@sap.com
Teams watchlist Login
Open Login

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorSAP_SE

≫

Product SAP GUI for Windows

Default Statusunaffected

Version BC-FES-GUI 8.00

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.212

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cna@sap.com	4.5	0.9	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3627845

https://nvd.nist.gov/vuln/detail/CVE-2025-42943

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42943

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42943

EUVD