CVE-2025-43005Plaintext Storage of a Password in SE SAP GUI FOR Windows

CWE-256Plaintext Storage of a Password3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 78.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP GUI FOR Windows
Timeline
PublishedMay 13

Description

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages1 packages

CVEListV5sap_se/sap_gui_for_windowsBC-FES-GUI 8.00

🔴Vulnerability Details

2
CVEList
Information Disclosure vulnerability in SAP GUI for Windows2025-05-13
GHSA
GHSA-73c9-m6v4-gr66: SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credenti2025-05-13
CVE-2025-43005 — Plaintext Storage of a Password | cvebase