Memory Storage Vulnerability in SAP GUI for Windows by SAP
CVE-2025-24870

6MEDIUM

Key Information:

Vendor: SAP
Status: SAP Gui For Windows
Vendor: CVE Published:; 11 February 2025

What is CVE-2025-24870?

The SAP GUI for Windows contains a vulnerability where RFC service credentials are inadequately stored in memory. This flaw allows unauthenticated attackers to access sensitive information, leading to potential privilege escalation. Exploitation of this vulnerability may result in the exposure of critical data, although it does not compromise the integrity or availability of the system. Users are advised to apply the relevant security patches to mitigate risks associated with this vulnerability.

Affected Version(s)

SAP GUI for Windows BC-FES-GUI 8.00

References

https://me.sap.com/notes/3562336

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 27, 2025