What is the severity of CVE-2025-0055?

CVE-2025-0055 has a medium severity rating due to its potential impact on user data confidentiality.

How do I fix CVE-2025-0055?

To fix CVE-2025-0055, ensure that you are using the latest version of SAP GUI for Windows, which includes security updates addressing this vulnerability.

Who is affected by CVE-2025-0055?

CVE-2025-0055 affects users of SAP GUI for Windows who allow administrative access or who have shared their user directories.

What type of data is at risk with CVE-2025-0055?

CVE-2025-0055 can expose sensitive user input data stored on the client PC, dependent on specific usage patterns.

Can CVE-2025-0055 be exploited remotely?

CVE-2025-0055 cannot be exploited remotely and requires local access to the user's operating system to retrieve the vulnerable data.

Vulnerability/
CVE-2025-0055

medium

CWE

497

EPSS

0.043%

14/1/2025

CVE-2025-0055: Information Disclosure vulnerability in SAP GUI for Windows

First published: Tue Jan 14 2025(Updated: )

SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP GUI

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-0055?
CVE-2025-0055 has a medium severity rating due to its potential impact on user data confidentiality.
How do I fix CVE-2025-0055?
To fix CVE-2025-0055, ensure that you are using the latest version of SAP GUI for Windows, which includes security updates addressing this vulnerability.
Who is affected by CVE-2025-0055?
CVE-2025-0055 affects users of SAP GUI for Windows who allow administrative access or who have shared their user directories.
What type of data is at risk with CVE-2025-0055?
CVE-2025-0055 can expose sensitive user input data stored on the client PC, dependent on specific usage patterns.
Can CVE-2025-0055 be exploited remotely?
CVE-2025-0055 cannot be exploited remotely and requires local access to the user's operating system to retrieve the vulnerable data.

agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
collector/epss-latest
source/FIRST
agent/epss
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/sap
canonical/sap gui

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.