CVE-2025-42890 | THREATINT

Description

SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-11 | Updated 2025-11-12 | Assigner sap

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-798: Use of Hard-coded Credentials

Product status

Default status

unaffected

SYBASE_SQL_ANYWHERE_SERVER 17.0

affected

References

me.sap.com/notes/3666261

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42890)

nvd.nist.gov (CVE-2025-42890)

Download JSON