SQL Anywhere Monitor Vulnerability in SAP Products
CVE-2025-42890
What is CVE-2025-42890?
CVE-2025-42890 is a vulnerability associated with the SQL Anywhere Monitor component within SAP products. This non-GUI tool is designed to manage and monitor SQL Anywhere databases used across various SAP applications. The vulnerability arises from the inclusion of hard-coded credentials in the software's code, which can expose sensitive resources to unauthorized users. An attacker taking advantage of this vulnerability may execute arbitrary code, compromising the confidentiality, integrity, and availability of the systems utilizing the affected SAP products. Consequently, organizations relying on these applications could face severe ramifications, including unauthorized access to critical data, disruption of services, and potential operational downtime.
Potential impact of CVE-2025-42890
- Unauthorized Access and Code Execution: The hard-coded credentials allow attackers to gain unauthorized access to system resources, enabling them to execute arbitrary code. This can result in full control over affected systems, allowing for data exfiltration or manipulation.
- Data Breaches: With the potential for unauthorized access, the confidentiality of sensitive information stored in SAP databases could be compromised. This may lead to data breaches that expose organizational data, impacting compliance and customer trust.
- System Disruption and Downtime: Exploiting this vulnerability can lead to system instability or downtime. Organizations may experience interruptions in their operations, resulting in financial losses and negative impacts on service delivery.
Affected Version(s)
SQL Anywhere Monitor (Non-Gui) SYBASE_SQL_ANYWHERE_SERVER 17.0
News Articles
CVE-2025-42890 | Arctic Wolf
SAP published a security advisory addressing a maximum severity vulnerability identified as CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI) version 17.
4 weeks ago
SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor
SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform.
4 weeks ago