SAP addressed vulnerabilities in its SAP GUI client applications, discovered by Pathlock Inc. and Fortinet Inc., involving weak or absent encryption in input history functions.
The vulnerabilities, CVE-2025-0055 and CVE-2025-0056, exposed sensitive user data stored on local machines due to encryption issues in SAP GUI for Windows and SAP GUI for Java.
SAP GUI for Windows stored data using weak XOR-based encryption, making it easily reversible, while SAP GUI for Java stored data entirely unencrypted in serialized objects.
SAP released updates to address the vulnerabilities, but experts recommend disabling the input history feature and implementing additional mitigation measures because of the potential risk of exposure of sensitive data.
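To illustrate why a fixed-key XOR scheme such as the one described for SAP GUI for Windows counts as obfuscation rather than encryption, the following added example (not SAP's code; the history store, key and entries are all constructed here) shows that a single known entry reveals the whole key, and that XORing two stored entries together cancels the key entirely.

```python
"""Repeating-key XOR on a constructed 'input history' store (hypothetical format)."""
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: the same routine both 'encrypts' and 'decrypts'."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """One stored entry whose plaintext is known (and at least key_len bytes
    long) yields the full key: (P xor K) xor P == K."""
    if len(known_plaintext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return xor_bytes(ciphertext[:key_len], known_plaintext[:key_len])


def key_cancels(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts equals XOR of the two plaintexts: the key drops
    out, so patterns in the plaintext remain visible without any key."""
    return xor_bytes(c1, c2)


def decrypt_all(entries: list[bytes], key: bytes) -> list[str]:
    return [xor_bytes(e, key).decode() for e in entries]


# Constructed sample data (hypothetical key and history values, not real ones).
HIDDEN_KEY = b"s3cr3tk3y"
HISTORY = [b"DEVCLNT100", b"jdoe", b"Hunter2!", b"vendor-4711"]
STORED = [xor_bytes(h, HIDDEN_KEY) for h in HISTORY]


def demo() -> tuple[bytes, list[str]]:
    # The first field (a system/client identifier) is assumed to be guessable
    # by anyone who can read the local file; that alone exposes every entry.
    key = recover_key(STORED[0], HISTORY[0], len(HIDDEN_KEY))
    return key, decrypt_all(STORED, key)


if __name__ == "__main__":
    recovered, entries = demo()
    print("recovered key:", recovered)
    print("history entries:", entries)
```

The point for defenders is that confidentiality of locally stored history cannot rest on such a scheme; only disabling the feature or using real encryption with a protected key removes the exposure.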