CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0069 – DLL Hijacking vulnerability in SAPSetup
https://notcve.org/view.php?id=CVE-2025-0069
14 Jan 2025 — Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a company. This leads to high impact on confidentiality, integrity and availability of the Windows server. • https://me.sap.com/notes/3542533 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29187 – DLL Hijacking vulnerability in SapSetup (Software Installation Program)
https://notcve.org/view.php?id=CVE-2023-29187
11 Apr 2023 — A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control. • https://launchpad.support.sap.com/#/notes/3311624 • CWE-427: Uncontrolled Search Path Element •