PT-2025-46231 · SAP · SQL Anywhere Monitor

Published: 2025-11-11 · Updated: 2025-11-16 · CVE-2025-42890

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SQL Anywhere Monitor (Non-GUI) version 17.0, prior to SAP Note 3666261

Description

The SQL Anywhere Monitor (Non-GUI) contains hard-coded credentials within its code. This gives unintended users access to resources and functionality, potentially leading to arbitrary code execution. The issue has a critical impact on the confidentiality, integrity, and availability of the system. Attackers can gain unauthorized access without authentication.

Recommendations

Apply SAP Note 3666261. Rotate all related credentials. As a temporary workaround, discontinue the use of the monitor and delete all database instances.

Fix

RCE

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2025-14425
CVE-2025-42890

Affected Products

SQL Anywhere Monitor