CVE-2025-43005: Information Disclosure vulnerability in SAP GUI for Windows

4.3 CVSS

Description

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.

Classification

CVE ID: CVE-2025-43005

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Problem Types

CWE-256: Plaintext Storage of a Password

Affected Products

Vendor: SAP_SE

Product: SAP GUI for Windows

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.7% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-11 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-43005
https://me.sap.com/notes/3574520
https://url.sap/sapsecuritypatchday

Timeline