CVE-2025-42888
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-12
Assigner: SAP SE
Description
Description
SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | sap_gui | 3.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-316 | The product stores sensitive information in cleartext in memory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SAP GUI for Windows allows a highly privileged user on the affected client PC to locally access sensitive information stored in the process memory during runtime.
How can this vulnerability impact me? :
The vulnerability has a high impact on confidentiality, meaning sensitive information could be exposed to unauthorized users with high privileges on the client PC. However, it does not affect the integrity or availability of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70