CVE-2025-24870

MEDIUM Year: 2025
CVSS v3 Score
6.0
Medium
Weakness Type
CWE-921
View all →

Vulnerability Description

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity, and availability.

Related Vulnerabilities

CVE-2025-24843

MEDIUM
CVSS:5.1(Medium)

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.

CWE-9212025

CVE-2023-41818

MEDIUM
CVSS:5.0(Medium)

An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs.

CWE-9212023

CVE-2024-5206

MEDIUM
CVSS:4.7(Medium)

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability a...

CWE-9212024

CVE-2023-2665

HIGH
CVSS:7.5(High)

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.

CWE-9212023

CVE-2023-41965

HIGH
CVSS:7.5(High)

Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.

CWE-9212023

CVE-2025-30016

CRITICAL
CVSS:9.8(Critical)

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there ...

CWE-9212025