Cyber Security News

Multiple Vulnerabilities in SAP GuiXT Scripting

Cyware
Multiple Vulnerabilities in SAP GuiXT Scripting

Multiple vulnerabilities in SAP GuiXT scripting could enable remote code execution, NTLM hash theft, client-side request forgery, and DoS attacks due to insecure design and poor security checks. Users are advised to avoid remote script locations and stay updated on mitigations to secure their SAP environments. #SAPGuiXT #NTLMHashTheft

Keypoints

  • Vulnerabilities in SAP GuiXT scripting allow remote code execution and credential theft.
  • Exploitation involves malicious scripts loaded from remote locations or injected via UNC paths.
  • Attackers can perform client-side request forgery by including malicious URLs in scripts.
  • Large script downloads can cause application crashes, leading to Denial of Service.
  • Mitigation strategies include restricting script locations, validating inputs, disabling UNC paths, and educating users.

Read More: https://seclists.org/fulldisclosure/2025/Jun/3