What is the severity of CVE-2025-24870?

CVE-2025-24870 has been classified as a high severity vulnerability due to the potential for privilege escalation and sensitive information disclosure.

How do I fix CVE-2025-24870?

To mitigate the risks associated with CVE-2025-24870, update to the latest version of SAP GUI for Windows that addresses this vulnerability.

What impact does CVE-2025-24870 have on my systems?

CVE-2025-24870 could allow an unauthenticated attacker to access sensitive service credentials, leading to unauthorized access and privilege escalation.

Which versions of SAP GUI for Windows are affected by CVE-2025-24870?

CVE-2025-24870 affects certain versions of SAP GUI for Windows, so it is essential to check for updates from the vendor.

Is CVE-2025-24870 being actively exploited?

As of now, there have been no confirmed reports of active exploitation of CVE-2025-24870, but it is crucial to apply security patches promptly.

Vulnerability/
CVE-2025-24870

medium

CWE

921

EPSS

0.043%

11/2/2025

18/2/2025

CVE-2025-24870: Insecure Key & Secret Management vulnerability in SAP GUI for Windows

First published: Tue Feb 11 2025(Updated: )

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity, and availability.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP GUI for Windows

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-24870?
CVE-2025-24870 has been classified as a high severity vulnerability due to the potential for privilege escalation and sensitive information disclosure.
How do I fix CVE-2025-24870?
To mitigate the risks associated with CVE-2025-24870, update to the latest version of SAP GUI for Windows that addresses this vulnerability.
What impact does CVE-2025-24870 have on my systems?
CVE-2025-24870 could allow an unauthenticated attacker to access sensitive service credentials, leading to unauthorized access and privilege escalation.
Which versions of SAP GUI for Windows are affected by CVE-2025-24870?
CVE-2025-24870 affects certain versions of SAP GUI for Windows, so it is essential to check for updates from the vendor.
Is CVE-2025-24870 being actively exploited?
As of now, there have been no confirmed reports of active exploitation of CVE-2025-24870, but it is crucial to apply security patches promptly.

collector/mitre-cve
source/MITRE
agent/title
agent/type
agent/references
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
agent/author
agent/severity
agent/weakness
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/sap
canonical/sap gui for windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.