Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Cybersecurity researchers revealed two security flaws in SAP GUI that stored sensitive input history insecurely, potentially exposing personal data. These vulnerabilities have been patched, but they highlight ongoing risks in local data storage mechanisms. #SAPGUI #CVE2025-0055 #CVE2025-0056

Key points

  • The vulnerabilities are CVE-2025-0055 and CVE-2025-0056, affecting SAP GUI for Windows and Java.
  • The input history data includes sensitive information like SSNs, bank details, and internal SAP table names.
  • Data is stored unencrypted or with weak XOR-based encryption, making it easy to decode.
  • Mitigation involves disabling input history and deleting stored history files from specific directories.
  • Citrix patched a critical flaw, CVE-2025-5777, in NetScaler that could be used to bypass authentication; it is similar to a previously exploited vulnerability.

Read More: https://thehackernews.com/2025/06/citrix-bleed-2-flaw-enables-token-theft.html