About:
CVE-2025-42890 is a critical SAP SQL Anywhere Monitor vulnerability caused by hard-coded credentials that allow unauthorized access to the monitoring service.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Insecure Key and Secret Management / Hard-Coded Credentials in SQL Anywhere Monitor (Non-GUI)
CVSS Score: 10.0 (Critical)
Identifier: CVE-2025-42890
Exploit or Proof of Concept (PoC): There is no confirmed public proof-of-concept (PoC) and no verified exploitation in the wild as of the latest available information.
Update: SAP released fixes for this vulnerability as part of the November 2025 SAP Security Patch Day. Administrators must apply the corrections documented in SAP Note 3666261.
This note addresses the insecure credential handling issue in SQL Anywhere Monitor (Non-GUI) version 17.0.
Description:
CVE-2025-42890 is a critical vulnerability involving hard-coded or improperly managed credentials within SQL Anywhere Monitor (Non-GUI). Because sensitive credentials are embedded directly in the product, an attacker with network access to the monitoring service may authenticate without authorization.
Mitigation Recommendation:
Apply the SAP update documented in SAP Note 3666261 immediately and verify that systems reflect the patched version.
Inventory all SQL Anywhere Monitor (Non-GUI) installations (on-prem, virtual, cloud) and identify any that are reachable from untrusted networks. Prioritize exposed hosts for immediate remediation.
If patching cannot be completed right away, restrict network access to the monitoring service using firewalls or network segmentation, or temporarily disable the service.
Rotate all credentials, keys, and service accounts associated with the vulnerable component, as embedded credentials should be treated as compromised.