Insecure Credential Storage in SAP GUI for Windows by SAP
CVE-2025-43005

4.3MEDIUM

Key Information:

Vendor

SAP

Vendor
CVE Published:
13 May 2025

What is CVE-2025-43005?

The SAP GUI for Windows has a security flaw that enables unauthenticated attackers to exploit vulnerabilities in the obfuscation algorithms used by the GuiXT application for storing user credentials. This could lead to unauthorized access to sensitive information, affecting the confidentiality of data while not impacting the application's integrity or availability.

Affected Version(s)

SAP GUI for Windows BC-FES-GUI 8.00

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

.