CVE-2025-43005

{"id": "CVE-2025-43005", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.5}]}, "published": "2025-05-13T01:15:49.160", "references": [{"url": "https://me.sap.com/notes/3574520", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data."}, {"lang": "es", "value": "SAP GUI para Windows permite que un atacante no autenticado aproveche algoritmos de ofuscaci\u00f3n inseguros utilizados por la aplicaci\u00f3n GuiXT para almacenar credenciales de usuario. Si bien este problema no afecta la integridad ni la disponibilidad de la aplicaci\u00f3n, podr\u00eda tener un impacto bajo en la confidencialidad de los datos."}], "lastModified": "2025-05-13T19:35:18.080", "sourceIdentifier": "cna@sap.com"}