CVE-2025-0069
Published: 14 January 2025
Description
Due to a DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or access to a compromised corporate user's Windows account could gain higher privileges. With these, they could move laterally within the network and further compromise the company's Active Directory. This leads to a high impact on the confidentiality, integrity and availability of the Windows server.
Security Summary
CVE-2025-0069 is a DLL injection vulnerability (CWE-427) in the SAPSetup component, affecting Windows servers used in SAP environments. Published on January 14, 2025, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for privilege escalation with changed scope.
An attacker with local user privileges (PR:L) or access to a compromised corporate user's Windows account can exploit this vulnerability despite high attack complexity (AC:H). Successful exploitation allows elevation to higher privileges on the Windows server, enabling lateral movement across the network and potential compromise of the company's Active Directory. This results in high impacts on confidentiality, integrity, and availability.
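The weakness class behind this entry (CWE-427, uncontrolled search path element) is exploitable only when a directory on the DLL search path is writable by an unprivileged account. The following PowerShell function is an added hardening check, not code from SAP or from the advisory: it lists directories on a component's effective search path (the application directory plus every PATH entry) that grant write, modify or full-control rights to broad principals. The function name, the `$AppDir` parameter and the placeholder install path are assumptions; supply the real directory of the installed component.

```powershell
# Added example (not from the SAP advisory): report DLL search-path directories
# that broad principals can write to, which is the precondition CWE-427 relies on.
# $AppDir is an assumption: pass the real install directory of the component.
function Get-WritableSearchPathDirs {
    param(
        [Parameter(Mandatory)][string]$AppDir
    )
    # Principals whose write access would let any local user plant a DLL.
    $broadPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl

    # Search order starts at the application directory, then follows PATH.
    $dirs = @($AppDir) + ($env:Path -split ';' | Where-Object { $_ -ne '' })
    foreach ($dir in ($dirs | Select-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        $acl = Get-Acl -LiteralPath $dir
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadPrincipals -contains $ace.IdentityReference.Value -and
                (($ace.FileSystemRights -band $writeMask) -ne 0)) {
                [pscustomobject]@{
                    Directory = $dir
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

# Usage; the path is a placeholder, not a known SAPSetup location.
Get-WritableSearchPathDirs -AppDir 'C:\Path\To\SAPSetup' | Format-Table -AutoSize
```

Any directory the function reports should be tightened (remove write rights for broad principals) or removed from PATH, in addition to applying the vendor patch; an empty result is a reasonable post-patch sanity check that the search path itself is not the weak point.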
SAP advisories provide mitigation details, including security note 3542533 at https://me.sap.com/notes/3542533 and further information on their SAP Security Patch Day at https://url.sap/sapsecuritypatchday, recommending application of relevant patches to address the DLL injection issue in SAPSetup.
Details
- CWE(s)