CVE-2025-42997

Summary

Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Gateway ClientSAP_GWFND 752affected
SAP_SESAP Gateway Client753affected
SAP_SESAP Gateway Client754affected
SAP_SESAP Gateway Client755affected
SAP_SESAP Gateway Client756affected
SAP_SESAP Gateway Client757affected
SAP_SESAP Gateway Client758affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References