CVE-2025-0059
MEDIUMSAP NetWeaver Application Server ABAP - Exposure of Sensitive System Information via Local Browser Storage
Title source: llmDescription
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3503138
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
6.0
EPSS
0.0018
EPSS Percentile
8.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-497
Status
published
Products (8)
SAP_SE/SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
7.54
SAP_SE/SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
7.77
SAP_SE/SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
7.89
SAP_SE/SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
7.93
SAP_SE/SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
9.12
SAP_SE/SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
9.14
SAP_SE/SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
KERNEL 7.53
SAP_SE/SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
KRNL64UC 7.53
Published
Jan 14, 2025
Tracked Since
Feb 18, 2026