CVE-2025-42979
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-08

Last updated on: 2025-07-08

Assigner: SAP SE

Description
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this userοΏ½s windows registry could recreate the original password. There is no impact on integrity or availability of the application
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-08
Last Modified
2025-07-08
Generated
2026-05-06
AI Q&A
2025-07-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-42979
EUVD
EUVD-2025-20334
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap guixt *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-922 The product stores sensitive information without properly limiting read or write access by unauthorized actors.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The GuiXT application integrated with SAP GUI for Windows stores RFC user credentials on the client PC using obfuscation algorithms rather than secure symmetric encryption. This means that if an attacker gains access to the user's Windows registry hive, they can recover the original password, compromising confidentiality.


How can this vulnerability impact me? :

This vulnerability can lead to a serious confidentiality breach because an attacker with access to the user's Windows registry can retrieve the original password. However, it does not affect the integrity or availability of the application.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart