CVE-2025-42890
published 2025-11-11

CVE-2025-42890: SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the…

Priority: P267
Severity: critical
CVSS 3.1 score: 10
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.65% (46.3th percentile)

SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution. This could cause high impact on confidentiality, integrity and availability of the system.

Affected

1 ranges
Vendor | Product | Version range | Fixed in
sap_se | sql_anywhere_monitor | |

Detection & IOCs (extracted from sources)

  • The non-GUI monitor component is typically deployed on unattended appliances; monitor for unexpected administrative logins or access to administrative functions on these headless deployments, which may indicate exploitation of the hardcoded credentials.