
Pathlock also warned that, despite the moderate CVSS rating of 6 out of 10, the flaws can cause compliance issues under GDPR, PCI DSS, or HIPAA, citing risks of audit failures under HIPAA. SAP did not answer questions on the matter.
The effect can be very high
Dani said that a breach through these weaknesses can facilitate further targeted attacks. “Not reducing the fact that this extracted data provides an attacker with adequate ammo for reconnaissance activities, a danger actor can understand the organizational structure, usage patterns, and system configuration from the exploitation of these weaknesses and can lay down the arms for the target user and further attacks.”
Pathlock's research also led to the discovery of a related defect in SAP NetWeaver AS ABAP, tracked as CVE-2025-0059, which affects SAP GUI for HTML and stems from the same underlying issue. While SAP has yet to patch this version, Pathlock is concerned that patching may not be a permanent fix for these issues.
According to Strauss, a fallback mechanism can potentially make the updated versions that SAP issued with strong encryption (SAP GUI for Windows 8.00 patch level 9+ and SAP GUI for 7.80 PL 9+ or 8.10) ineffective.

