CVE-2025-42890

CRITICAL

SQL Anywhere Monitor - RCE

Title source: llm

Description

SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3666261

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 10.0

EPSS 0.0010

EPSS Percentile 26.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

SAP_SE/SQL Anywhere Monitor (Non-Gui) SYBASE_SQL_ANYWHERE_SERVER 17.0

Published Nov 11, 2025

Tracked Since Feb 18, 2026