CVE-2025-42904
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity or availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | Application Server ABAP | KRNL64UC 7.53 | affected |
| SAP_SE | Application Server ABAP | KERNEL 7.53 | affected |
| SAP_SE | Application Server ABAP | 7.54 | affected |
| SAP_SE | Application Server ABAP | 7.77 | affected |
| SAP_SE | Application Server ABAP | 7.89 | affected |
| SAP_SE | Application Server ABAP | 7.93 | affected |
| SAP_SE | Application Server ABAP | 9.16 | affected |
| SAP_SE | Application Server ABAP | 9.17 | affected |
Weaknesses
- CWE-549: CWE-549: Missing Password Field Masking
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.