CVE-2025-42890 CRITICAL

CVE-2025-42890: Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)

Vendor Sap_Se
Product SQL Anywhere Monitor (Non-Gui)
Weakness CWE-798 · Hardcoded credentials
Published November 11, 2025
Last update February 26, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.

Key dates

02Disclosure timeline

November 11, 2025 CVE published
February 26, 2026 Record updated