Data Exposure Risk in SAP GUI for HTML on SAP NetWeaver Application Server ABAP
CVE-2025-0059

Currently unrated

Key Information:

Vendor: SAP
Vendor: CVE Published:; 14 January 2025

Summary

The vulnerability involves applications using SAP GUI for HTML within the SAP NetWeaver Application Server ABAP context. User inputs are stored in local browser storage, intended to enhance usability. However, if an attacker gains administrative privileges or has access to the user directory on the operating system, they could read this stored data. The disclosed data may vary from less critical to highly sensitive information, leading to significant impacts on data confidentiality and potential misuse.

References

https://me.sap.com/notes/3503138

https://url.sap/sapsecuritypatchday

Timeline

Vulnerability published
Jan 14, 2025