CVE-2025-24870

{"id": "CVE-2025-24870", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.5}]}, "published": "2025-02-11T01:15:11.280", "references": [{"url": "https://me.sap.com/notes/3562336", "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-921"}]}], "descriptions": [{"lang": "en", "value": "SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity, and availability."}, {"lang": "es", "value": "Las credenciales de servicio de SAP GUI para Windows y RFC se almacenan incorrectamente en la memoria del programa, lo que permite que un atacante no autenticado acceda a la informaci\u00f3n dentro de los sistemas, lo que da como resultado una escalada de privilegios. Si se explota con \u00e9xito, esto podr\u00eda dar como resultado la divulgaci\u00f3n de informaci\u00f3n altamente confidencial. Esto no tiene impacto en la integridad ni en la disponibilidad."}], "lastModified": "2025-02-18T18:15:33.987", "sourceIdentifier": "[email protected]"}