← back
CVE-2025-42997

Information Disclosure vulnerability in SAP Gateway Client

CVSS 6.6 MEDIUMEPSS 0.2%CWE-732
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Affected products
SAP_SE · SAP Gateway Client

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3577300https://url.sap/sapsecuritypatchday