CVE-2025-42890 PUBLISHED

Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)

Assigner: sap
Reserved: 16.04.2025 Published: 11.11.2025 Updated: 12.11.2025

SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 10

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SQL Anywhere Monitor (Non-Gui)
Versions	Default: unaffected Version SYBASE_SQL_ANYWHERE_SERVER 17.0 is affected

References

https://me.sap.com/notes/3666261
https://url.sap/sapsecuritypatchday

CVE-2025-42890 PUBLISHED

Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)

Metrics

Product Status

References

Problem Types