CVE-2025-42890

CRITICAL 10.0

Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)

CVSS Score

10.0

EPSS Score

0.0%

EPSS Percentile

0th

SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.

Vendor	sap_se
Product	sql anywhere monitor (non-gui)
Published	Nov 11, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for sap_se sql anywhere monitor (non-gui)

Be the first to know when new critical vulnerabilities affecting sap_se sql anywhere monitor (non-gui) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

SAP_SE / SQL Anywhere Monitor (Non-Gui)

SYBASE_SQL_ANYWHERE_SERVER 17.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

me.sap.com: https://me.sap.com/notes/3666261 url.sap: https://url.sap/sapsecuritypatchday