SAP GUI for Java Vulnerability in User Input Data Handling
CVE-2025-0056

Currently unrated

Key Information:

Vendor

SAP
Vendor
CVE Published:
14 January 2025

Badges

đź“° News Worthy

What is CVE-2025-0056?

The SAP GUI for Java application stores user input locally on client machines to enhance user experience. This mechanism can be exploited by an attacker who gains administrative privileges or access to the user's operating system environment. Such access allows the attacker to retrieve stored user input, which can include sensitive information. If compromised, this could lead to severe implications for confidentiality and data privacy, as the disclosed information varies from benign to highly sensitive based on user interactions.

News Articles

XOR Marks the Flaw in SAP GUI

The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user's input history feature.

2 days ago

References

https://me.sap.com/notes/3502459
https://url.sap/sapsecuritypatchday

Timeline

  • đź“°

    First article discovered

  • Vulnerability published

.
CVE-2025-0056 : SAP GUI for Java Vulnerability in User Input Data Handling