Data Exposure Vulnerability in SAP GUI for Windows
CVE-2025-0055

Currently unrated

Key Information:

Vendor: SAP
Vendor: CVE Published:; 14 January 2025

Summary

The SAP GUI for Windows features a mechanism that stores user input locally to enhance usability. However, this can lead to potential data exposure under specific conditions. If an attacker possesses administrative privileges or gains access to the victim’s user directory on the operating system level, they could exploit this vulnerability to read sensitive information stored on the client PC. The nature of this data can vary, spanning from harmless input to highly confidential information, ultimately compromising the integrity of user data and the overall confidentiality of the application.

References

https://me.sap.com/notes/3472837

https://url.sap/sapsecuritypatchday

Timeline

Vulnerability published
Jan 14, 2025