Pathlock, too, warned that despite a medium CVSS rating of 6 out of 10, the flaws could lead to compliance issues, citing risks of audit failures under GDPR, PCI DSS, or HIPAA. SAP did not respond to queries on this matter.
The impact could be much greater
Dani noted that a breach through these vulnerabilities can facilitate further targeted attacks. “Not undermining the fact that this extracted data provides attackers with enough gunpowder for reconnaissance activities, a threat actor could comprehend organizational structure, usage patterns, and system configurations from the exploitation of these vulnerabilities and weaponize them for personalization attacks such as spear phishing to effectively compromise a targeted user and carry out further attacks,” Dani said.
The Pathlock research also led to the discovery of a related flaw in SAP NetWeaver AS ABAP, tracked as CVE-2025-0059, which affects SAP GUI for HTML and stems from the same underlying issue. While SAP has yet to patch this variant, Pathlock is concerned that patching might not be a permanent fix for these issues.
According to Stross, fallback mechanisms can potentially undermine the updated versions that SAP released with stronger encryption (SAP GUI for Windows 8.00 Patch Level 9+ and SAP GUI for Java 7.80 PL9+ or 8.10), making them ineffective.