CVE-2025-24870

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity, and availability.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3562336
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

18 Feb 2025, 18:15

Type	Values Removed	Values Added
Summary		(es) Las credenciales de servicio de SAP GUI para Windows y RFC se almacenan incorrectamente en la memoria del programa, lo que permite que un atacante no autenticado acceda a la información dentro de los sistemas, lo que da como resultado una escalada de privilegios. Si se explota con éxito, esto podría dar como resultado la divulgación de información altamente confidencial. Esto no tiene impacto en la integridad ni en la disponibilidad.

11 Feb 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-11 01:15

Updated : 2025-02-18 18:15

NVD link : CVE-2025-24870

Mitre link : CVE-2025-24870

CVE.ORG link : CVE-2025-24870

JSON object : View

Products Affected

No product.

CWE

CWE-921

Storage of Sensitive Data in a Mechanism without Access Control

6.0 /10