DLL Injection Vulnerability in SAPSetup by SAP
CVE-2025-0069

Currently unrated

Key Information:

Vendor: SAP
Vendor: CVE Published:; 14 January 2025

Summary

A DLL injection vulnerability in SAPSetup could allow an attacker with local user privileges or access to a compromised Windows account to escalate their permissions. This privilege escalation enables the attacker to move laterally within the network, potentially compromising the Active Directory and significantly affecting the confidentiality, integrity, and availability of the Windows server environment.

References

https://me.sap.com/notes/3542533

https://url.sap/sapsecuritypatchday

Timeline

Vulnerability published
Jan 14, 2025