CVE-2025-43005 MEDIUM

CVE-2025-43005: Information Disclosure vulnerability in SAP GUI for Windows

Vendor Sap_Se
Product SAP GUI for Windows
Weakness CWE-256
Published May 13, 2025
Last update May 13, 2025

CVSS base score

4.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated