CVE-2025-43005: Information Disclosure vulnerability in SAP GUI for Windows
First published: Tue May 13 2025(Updated: )
SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP GUI |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-43005?
CVE-2025-43005 is classified as having a Low impact on confidentiality due to insecure credential storage.
How do I fix CVE-2025-43005?
To fix CVE-2025-43005, update SAP GUI for Windows to the latest version that addresses the insecure obfuscation algorithms.
Who is affected by CVE-2025-43005?
CVE-2025-43005 affects users of SAP GUI for Windows who are using the GuiXT application for credential storage.
What type of attack is possible with CVE-2025-43005?
CVE-2025-43005 allows an unauthenticated attacker to exploit vulnerable credential storage methods.
Does CVE-2025-43005 impact application integrity or availability?
CVE-2025-43005 does not impact the integrity or availability of the SAP GUI for Windows application.
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/references
- agent/source
- agent/type
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/sap
- canonical/sap gui