{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T03:05:08.453","vulnerabilities":[{"cve":{"id":"CVE-2025-42943","sourceIdentifier":"cna@sap.com","published":"2025-08-12T03:15:26.987","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality."},{"lang":"es","value":"SAP GUI para Windows puede permitir la filtración de hashes NTML al llamar a servicios frontend ABAP específicos con rutas UNC. Para que un ataque tenga éxito, el atacante necesita la autorización del desarrollador en un servidor de aplicaciones ABAP específico para realizar cambios en el código, y la víctima debe ejecutarlos mediante SAP GUI para Windows. Esto podría activar la autenticación NTLM automática, lo que podría exponer las credenciales con hashes a un atacante. Por lo tanto, tiene un gran impacto en la confidencialidad."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-250"}]}],"references":[{"url":"https://me.sap.com/notes/3627845","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}