CVE-2025-0055

Name: CVE-2025-0055
Creator: NVD / NIST
Published: 2025-01-14T01:15:15.57+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6/10EPSS 0.23%

Last modified Jun 17, 2026

CVE-2025-0055 is a medium-severity vulnerability rated 6/10 on the CVSS scale. SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.

Metrics

CVSS 3.1

6/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS Probability

0.23%

14.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-497

References

Timeline

Published: Jan 14, 2025
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-0055?

How severe is CVE-2025-0055?

CVE-2025-0055 has a CVSS score of 6/10 (MEDIUM severity). The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.

How do I fix CVE-2025-0055?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-0055?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST