CVE-2025-42943

MEDIUM

4.5

Descricao

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality.

Detalhes CVE

Pontuacao CVSS v3.14.5

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosHIGH

Interacao do usuarioREQUIRED

Publicado8/12/2025

Ultima modificacao8/12/2025

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-250

Referencias

https://me.sap.com/notes/3627845(cna@sap.com)

https://url.sap/sapsecuritypatchday(cna@sap.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.