The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application
History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00012}

epss

{'score': 0.00014}


Tue, 08 Jul 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 08 Jul 2025 00:45:00 +0000

Type Values Removed Values Added
Description The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application
Title Insecure Key & Secret Management vulnerability in SAP GUI for Windows
Weaknesses CWE-922
References
Metrics cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2025-07-08T00:37:55.021Z

Updated: 2025-07-08T18:13:55.456Z

Reserved: 2025-04-16T13:25:45.231Z

Link: CVE-2025-42979

cve-icon Vulnrichment

Updated: 2025-07-08T18:11:37.273Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-08T01:15:25.107

Modified: 2025-07-08T16:18:14.207

Link: CVE-2025-42979

cve-icon Redhat

No data.