CVE-2025-42955 Information
Aug 13, 2025
cve
Description
Due to a missing authorization check in SAP Cloud Connector an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance hence a low-impact on availability of the service. Confidentiality and integrity of the data are not affected.
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Reference
https://me.sap.com/notes/3611345 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
LOW
Base Severity
3.5
Related CNNVD
CNNVD-202508-988 (Published: 2025-08-12)
Share on: