SQL Anywhere Monitor Non-GUI Credential Leak A/C Execution
CVE-2025-42890 Published on November 11, 2025

Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)
SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.

NVD

Vulnerability Analysis

CVE-2025-42890 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.


Products Associated with CVE-2025-42890

Want to know whenever a new CVE is published for SAP Sql Anywhere? stack.watch will email you.

SAP Sql Anywhere
 

Affected Versions

SAP_SE SQL Anywhere Monitor (Non-Gui) Version SYBASE_SQL_ANYWHERE_SERVER 17.0 is affected by CVE-2025-42890

Exploit Probability

EPSS
0.10%
Percentile
27.91%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.