The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application
Metrics
Affected Vendors & Products
References
History
Mon, 14 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Tue, 08 Jul 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Jul 2025 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application | |
Title | Insecure Key & Secret Management vulnerability in SAP GUI for Windows | |
Weaknesses | CWE-922 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: sap
Published: 2025-07-08T00:37:55.021Z
Updated: 2025-07-08T18:13:55.456Z
Reserved: 2025-04-16T13:25:45.231Z
Link: CVE-2025-42979

Updated: 2025-07-08T18:11:37.273Z

Status : Awaiting Analysis
Published: 2025-07-08T01:15:25.107
Modified: 2025-07-08T16:18:14.207
Link: CVE-2025-42979

No data.