CVE-2025-0069: DLL Hijacking vulnerability in SAPSetup

7.8 CVSS

Description

Due to a DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user's Windows account could gain higher privileges. With these, the attacker could move laterally within the network and further compromise the Active Directory of a company. This leads to a high impact on the confidentiality, integrity and availability of the Windows server.

Classification

CVE ID: CVE-2025-0069

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

Affected Products

Vendor: SAP_SE

Product: SAPSetup

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-12 (date on which this score was calculated)

References

https://me.sap.com/notes/3542533
https://url.sap/sapsecuritypatchday

Timeline