
Preconditions required for SAP note 3562336 - [CVE-2025-24870] Insecure Key & Secret Management

Selle1

SAP note 3562336 - [CVE-2025-24870] Insecure Key & Secret Management vulnerability in SAP GUI for Windows has two preconditions required for this attack:

  1. The user is logged on to an SAP System and has authenticated via username and password. When Single-Sign solutions are used, this vulnerability is not exploitable.
  2. The component GuiXT is installed and active when the user logs on to the SAP System.

For #1, we are using SSO, but as admins we manually log in with an admin account if needed, and end-users sometimes require a password reset for a user lock/expiration. So, this one is applicable.

For #2, we are not using GuiXT, as verified by checking the following:

Method 1: Check in SAP GUI Options
1. Open SAP Logon.
2. Click on the top-left SAP GUI icon and select Options.
3. Navigate to SAP Logon Options > Scripting or Accessibility & Scripting.
4. If GuiXT is installed, you should see an entry related to it.

Method 2: Check via the SAP GUI Status Bar
1. Open SAP GUI and log in to any SAP system.
2. In the command field, enter:

/nGuiXT

and press Enter.

3. If GuiXT is installed, a GuiXT window should appear, showing its status and settings.

Method 3: Check Installed Files in SAP GUI Directory
1. Go to your SAP GUI installation directory, typically:
C:\Program Files (x86)\SAP\FrontEnd\SAPgui

2. Look for GuiXT.exe. If this file exists, GuiXT is installed.

Method 4: Check Windows Taskbar or Task Manager
1. Open SAP GUI.
2. Look at the Windows taskbar (bottom-right). If GuiXT is active, you might see a small GuiXT icon.
3. Alternatively, open Task Manager (Ctrl + Shift + Esc) and check if GuiXT.exe is running under the Processes tab.


Since only 1 out of the 2 preconditions is met for this SAP note, do we still need to proceed with the solution? Or do both preconditions have to be met for the note to be applicable, in order to implement the solution?
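As an added example (not part of the original post and not SAP's own code), the following PowerShell script automates Method 3 and Method 4 above on a single workstation, so the precondition #2 check can be run consistently across many clients instead of by hand. The process name GuiXT and the first directory come from the post; the second directory under the non-x86 Program Files is an assumed alternative, and the output field names are the script's own.

```powershell
# Added example, not from the original post or from SAP: checks precondition #2
# (GuiXT installed / active) on the local Windows machine by automating
# Method 3 (look for GuiXT.exe) and Method 4 (look for a running GuiXT process).
# Directory list and process name are assumptions taken from the post.

param(
    # Directories to search for GuiXT.exe. The first is the typical path quoted
    # in the post; the second is an assumed alternative for 64-bit installs.
    [string[]]$SapGuiDirs = @(
        'C:\Program Files (x86)\SAP\FrontEnd\SAPgui',
        'C:\Program Files\SAP\FrontEnd\SAPgui'
    )
)

function Test-GuiXTInstalled {
    # Method 3: return full paths of every GuiXT.exe found below the given directories.
    param([string[]]$Dirs)
    $hits = foreach ($d in $Dirs) {
        if (Test-Path -LiteralPath $d) {
            Get-ChildItem -LiteralPath $d -Filter 'GuiXT.exe' -Recurse -ErrorAction SilentlyContinue
        }
    }
    return @($hits | Select-Object -ExpandProperty FullName)
}

function Test-GuiXTRunning {
    # Method 4: return Id and image path of any process named GuiXT (name without .exe).
    return @(Get-Process -Name 'GuiXT' -ErrorAction SilentlyContinue |
        Select-Object Id, Path)
}

$installed = Test-GuiXTInstalled -Dirs $SapGuiDirs
$running   = Test-GuiXTRunning

# One record per machine; suitable for collecting centrally (Export-Csv, etc.).
[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    UserName         = $env:USERNAME
    GuiXTFilesFound  = $installed
    GuiXTProcesses   = $running
    Precondition2Met = ($installed.Count -gt 0) -or ($running.Count -gt 0)
}
```

The process check is a point-in-time snapshot, so to reflect precondition #2 as worded ("installed and active when the user logs on") it should run in the user's own session at logon, for example as a logon script, rather than once from an admin console. A machine that reports no GuiXT.exe and no GuiXT process satisfies the "not using GuiXT" statement above; a hit in either field means precondition #2 is met on that client.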


Answers (1)

FrankKrauseGUI
Product and Topic Expert

Hello,

Only if BOTH prerequisites are met can an attacker that has access to your Windows user context get hold of the password by checking the memory of the process.

Best regards,
Frank Krause
Product Owner SAP GUI for Windows