CVE-2025-42979 MEDIUM

CVE-2025-42979: Insecure Key & Secret Management vulnerability in SAP GUI for Windows

Vendor Sap_Se
Product SAP GUI for Windows
Weakness CWE-922
Published July 8, 2025
Last update July 8, 2025

CVSS base score

5.6/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user's Windows registry could recreate the original password. There is no impact on integrity or availability of the application.

Key dates

02 Disclosure timeline

July 8, 2025 CVE published
July 8, 2025 Record updated