Data Exposure Vulnerability in SAP GUI for Windows
CVE-2025-0055
What is CVE-2025-0055?
SAP GUI for Windows includes a mechanism that stores user input locally to improve usability. Under specific conditions, this stored input can be exposed: an attacker who has administrative privileges, or who gains access to the victim's user directory at the operating system level, could exploit this vulnerability to read sensitive information stored on the client PC. The exposed data can range from harmless input to highly confidential information, ultimately compromising the integrity of user data and the overall confidentiality of the application.
News Articles
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Two critical flaws in SAP GUI expose sensitive data. Patches now available for Windows and Java versions.
XOR Marks the Flaw in SAP GUI
The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user's input history feature.