CVE-2025-42943

Name: CVE-2025-42943
Creator: NVD / NIST
Published: 2025-08-12T03:15:26.987+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.5/10EPSS 0.29%

Last modified Jun 17, 2026

CVE-2025-42943 is a medium-severity vulnerability rated 4.5/10 on the CVSS scale. SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality.

Metrics

CVSS 3.1

4.5/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

EPSS Probability

0.29%

20.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-250

References

Timeline

Published: Aug 12, 2025
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-42943?

How severe is CVE-2025-42943?

CVE-2025-42943 has a CVSS score of 4.5/10 (MEDIUM severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.

How do I fix CVE-2025-42943?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-42943?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST