CVE-2025-24870: Storage of Sensitive Data in a Mechanism without Access Control in SE SAP GUI FOR Windows

Severity
6.0 MEDIUM (NVD)
EPSS
0.0%
top 91.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 11

Description

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity and availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.5 | Impact: 4.0

Affected Packages (1 package)

CVEListV5 | sap_se/sap_gui_for_windows | BC-FES-GUI 8.00

Vulnerability Details (2)
GHSA
GHSA-qvfq-26w4-9f8v: SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access infor | 2025-02-11
CVEList
Insecure Key & Secret Management vulnerability in SAP GUI for Windows | 2025-02-11