CVE-2025-42997

MEDIUM

SAP Gateway Client - Info Disclosure

Title source: llm

Description

Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.

References (2)

[Vendor Advisory] https://url.sap/sapsecuritypatchday

[Vendor Advisory] https://me.sap.com/notes/3577300

Scores

CVSS v3 6.6

EPSS 0.0025

EPSS Percentile 47.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-732

Status published

Products (7)

SAP_SE/SAP Gateway Client 753

SAP_SE/SAP Gateway Client 754

SAP_SE/SAP Gateway Client 755

SAP_SE/SAP Gateway Client 756

SAP_SE/SAP Gateway Client 757

SAP_SE/SAP Gateway Client 758

SAP_SE/SAP Gateway Client SAP_GWFND 752

Published May 13, 2025

Tracked Since Feb 18, 2026