[Security Vulnerability Alert] SAP Issues Major Cybersecurity Announcement Regarding Two of Its Products

 
2025/11/17 ~ 2026/5/17

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202511-00000009

[Content Description]
【CVE-2025-42887, CVSS: 9.9】 This vulnerability results from missing input sanitization, which allows an authenticated attacker to inject malicious code when calling a remote function module, affecting system confidentiality, integrity, and availability.

【CVE-2025-42890, CVSS: 10.0】 SQL Anywhere Monitor (Non-GUI) has an insecure key and secret management vulnerability. It stems from credentials embedded directly in the program, which could allow an unauthorized attacker to gain access to system resources or execute arbitrary code, affecting system confidentiality, integrity, and availability.

[Affected Platforms]
● SAP Solution Manager ST version 720
● SQL Anywhere Monitor (Non-Gui) SYBASE_SQL_ANYWHERE_SERVER version 17.0

[Recommended Actions]
Apply the patches described in the solutions published on the official website:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html

[References]
https://www.twcert.org.tw/tw/cp-169-10505-efc69-1.html
