CVE-2025-42890

CRITICAL

SQL Anywhere Monitor - RCE

Title source: llm

Description

SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3666261

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 10.0

EPSS 0.0010

EPSS Percentile 27.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-798

Status draft

Timeline

Published Nov 11, 2025

Tracked Since Feb 18, 2026