SAP Gateway Client Vulnerability Exposes Restricted Information
CVE-2025-42997

6.6MEDIUM

Key Information:

Vendor: SAP
Status: SAP Gateway Client
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-42997?

Under certain circumstances, the SAP Gateway Client can allow high-privileged users to access information that should be restricted, which can be misused to influence application functionality or performance. This exposure poses a risk to the confidentiality, integrity, and availability of sensitive data within the application, highlighting the need for prompt attention to security measures.

Affected Version(s)

SAP Gateway Client SAP_GWFND 752

SAP Gateway Client 753

SAP Gateway Client 754

References

https://me.sap.com/notes/3577300

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025