XOR Marks the Flaw in SAP GUI www.darkreading.com/cloud-sec…

The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user’s input history feature.

SAP is tracking the vulnerabilities as CVE-2025-0056 and CVE-2025-0055 (both CVSS 6.0). The official description of the flaws issued today described them as issues that would allow an attacker with admin-level privileges or access to the victim’s user directory to read data contained in it.