CVE-2025-43005

MEDIUM

SAP GUI for Windows - Info Disclosure

Title source: llm

Description

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3574520

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 4.3

EPSS 0.0007

EPSS Percentile 21.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-256

Status published

Products (1)

SAP_SE/SAP GUI for Windows BC-FES-GUI 8.00

Published May 13, 2025

Tracked Since Feb 18, 2026