← Back to CVEs
CVE-2025-42943
MEDIUM4.5
Description
SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality.
CVE Details
CVSS v3.1 Score4.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionREQUIRED
Published8/12/2025
Last Modified8/12/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-250
References
https://me.sap.com/notes/3627845(cna@sap.com)
https://url.sap/sapsecuritypatchday(cna@sap.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.