Insecure key & Secret Management vulnerability in SQL Anywhere Monitor...

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.

AI Analysis

Insecure key and secret management vulnerability allowing arbitrary code execution

Basic Information

ID CVE-2025-42890

Source sap

Published Nov 11, 2025 at 00:15

Affected Product

Vendor SAP_SE

Product SQL Anywhere Monitor (Non-Gui)

Version SYBASE_SQL_ANYWHERE_SERVER 17.0

Affected Versions SAP_SE SQL Anywhere Monitor (Non-Gui) SYBASE_SQL_ANYWHERE_SERVER 17.0

CWE Classification

CWE-798

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor SAP

Product SQL Anywhere Monitor (Non-GUI)

Version 17.0

References

{
    "lastseen": "",
    "description": "SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.",
    "published": "2025-11-11T00:15:29.439Z",
    "modified": "2025-11-11T00:15:29.439Z",
    "type": "cve",
    "title": "Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3666261\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42890",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SQL Anywhere Monitor (Non-Gui) SYBASE_SQL_ANYWHERE_SERVER 17.0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SQL Anywhere Monitor (Non-Gui)",
    "version": "SYBASE_SQL_ANYWHERE_SERVER 17.0",
    "vendor": "SAP_SE",
    "ai_description": "Insecure key and secret management vulnerability allowing arbitrary code execution",
    "ai_severity": "Critical",
    "ai_vendor": "SAP",
    "ai_product": "SQL Anywhere Monitor (Non-GUI)",
    "ai_version": "17.0",
    "ai_score": 10
}

Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)_CVE-2025-42890