Cybersecurity researchers revealed two critical vulnerabilities in the SAP Graphical User Interface (GUI) for Windows and Java, identified as CVE-2025-0055 and CVE-2025-0056, which were patched in the January 2025 updates. These flaws were associated with the insecure storage of user input history, potentially enabling attackers with administrative privileges to retrieve sensitive information such as usernames, financial data, and internal SAP data. The vulnerabilities arose from weak encryption practices and unencrypted storage methods, raising significant privacy concerns and highlighting the importance of securing user data.
Cybersecurity researchers have detailed two now-patched security flaws in SAP GUI that could have enabled attackers to access sensitive information.
The issues are rooted in the insecure storage of input history in both the Windows and Java versions of SAP GUI.
Attacker access to the SAP GUI input history could lead to a significant breach of confidentiality regarding sensitive data.
SAP's security updates in January 2025 addressed the CVE-2025-0055 and CVE-2025-0056 vulnerabilities, which put user data at risk.