CVE-2025-42888

Summary

SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP GUI for WindowsBC-FES-GUI 8.00affected
SAP_SESAP GUI for Windows8.10affected

Weaknesses

  • CWE-316: CWE-316: Cleartext Storage of Sensitive Information in Memory

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References