On 11 November 2025, SAP published a security advisory as part of their November security patches, addressing a maximum severity vulnerability identified as CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI) version 17.0. The vulnerability involves hard-coded credentials, which exposes system resources to unauthorised users and allows threat actors to execute arbitrary code without authentication.
According to Onapsis, a contributor to the recent advisory, SAP has released a patch that removes the SQL Anywhere Monitor completely. The article also states that, if applying the patch is not immediately possible, SAP recommends that users temporarily stop using SQL Anywhere Monitor and delete any existing instances of its database as a mitigation measure until the patch can be applied.
At the time of writing, the hard-coded credentials have not been posted publicly, nor is there evidence suggesting that this vulnerability is being actively exploited in the wild. However, given that SAP products have been exploited in the past, this newly discovered vulnerability may be targeted by threat actors. Organisations using SAP SQL Anywhere Monitor should prioritise patching to mitigate any potential future risks.
Recommendation For CVE-2025-42890
Upgrade to Latest Fixed Release
Arctic Wolf strongly recommends that customers upgrade to the latest fixed release.
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| SQL Anywhere Monitor (Non-GUI) | 17.0 or below | Patch for 17.0 |
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.