Home

Description

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity or availability.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-09 | Updated 2025-12-09 | Assigner sap




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-549: Missing Password Field Masking

Product status

Default status
unaffected

KRNL64UC 7.53
affected

KERNEL 7.53
affected

7.54
affected

7.77
affected

7.89
affected

7.93
affected

9.16
affected

9.17
affected

References

me.sap.com/notes/3662324

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42904)

nvd.nist.gov (CVE-2025-42904)

Download JSON