{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T06:16:15.233","vulnerabilities":[{"cve":{"id":"CVE-2025-24870","sourceIdentifier":"cna@sap.com","published":"2025-02-11T01:15:11.280","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity, and availability."},{"lang":"es","value":"Las credenciales de servicio de SAP GUI para Windows y RFC se almacenan incorrectamente en la memoria del programa, lo que permite que un atacante no autenticado acceda a la información dentro de los sistemas, lo que da como resultado una escalada de privilegios. Si se explota con éxito, esto podría dar como resultado la divulgación de información altamente confidencial. Esto no tiene impacto en la integridad ni en la disponibilidad."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":4.0}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-921"}]}],"references":[{"url":"https://me.sap.com/notes/3562336","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}