Insecure Credential Storage in SAP GUI for Windows by SAP
CVE-2025-43005

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Gui For Windows
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-43005?

The SAP GUI for Windows has a security flaw that enables unauthenticated attackers to exploit vulnerabilities in the obfuscation algorithms used by the GuiXT application for storing user credentials. This could lead to unauthorized access to sensitive information, affecting the confidentiality of data while not impacting the application's integrity or availability.

Affected Version(s)

SAP GUI for Windows BC-FES-GUI 8.00

References

https://me.sap.com/notes/3574520

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025