CVE-2025-42888Cleartext Storage of Sensitive Information in Memory in SE SAP GUI FOR Windows

CWE-316Cleartext Storage of Sensitive Information in Memory3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 99.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP GUI FOR Windows
Timeline
PublishedNov 11

Description

SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages1 packages

CVEListV5sap_se/sap_gui_for_windows8.10, BC-FES-GUI 8.00+1

🔴Vulnerability Details

2
GHSA
GHSA-59p6-qq9j-xgjc: SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory duri2025-11-11
CVEList
Information Disclosure vulnerability in SAP GUI for Windows2025-11-11
CVE-2025-42888 — SE SAP GUI FOR Windows vulnerability | cvebase