CVE-2025-42997 MEDIUM

CVE-2025-42997: Information Disclosure vulnerability in SAP Gateway Client

Vendor Sap_Se
Product SAP Gateway Client
Weakness CWE-732
Published May 13, 2025
Last update May 13, 2025

CVSS base score

6.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated