CVE-2025-43005

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3574520
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

13 May 2025, 19:35

Type	Values Removed	Values Added
Summary		(es) SAP GUI para Windows permite que un atacante no autenticado aproveche algoritmos de ofuscación inseguros utilizados por la aplicación GuiXT para almacenar credenciales de usuario. Si bien este problema no afecta la integridad ni la disponibilidad de la aplicación, podría tener un impacto bajo en la confidencialidad de los datos.

13 May 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-13 01:15

Updated : 2025-05-13 19:35

NVD link : CVE-2025-43005

Mitre link : CVE-2025-43005

CVE.ORG link : CVE-2025-43005

JSON object : View

Products Affected

No product.

CWE

CWE-256

Plaintext Storage of a Password

4.3 /10