CVE-2025-42955: CWE-862: Missing Authorization in SAP_SE SAP Cloud Connector
Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, and therefore a low impact on the availability of the service. Confidentiality and integrity of the data are not affected.
AI Analysis
Technical Summary
CVE-2025-42955 is a security vulnerability identified in SAP Cloud Connector version 2.0, attributed to SAP SE. The root cause of this vulnerability is a missing authorization check (CWE-862) in the component responsible for testing LDAP connections. Specifically, an attacker positioned on an adjacent network segment with low privileges can send a specially crafted request to the LDAP test endpoint without proper authorization validation. This flaw allows the attacker to trigger actions that degrade the performance of the SAP Cloud Connector service, resulting in a low-impact denial of service condition. Importantly, the vulnerability does not compromise the confidentiality or integrity of data, as it does not allow unauthorized data access or modification. The CVSS v3.1 base score is 3.5, reflecting a low severity primarily due to the limited impact on availability and the requirement for the attacker to have low privileges and network adjacency. No user interaction is required, and the scope remains unchanged. Currently, there are no known exploits in the wild, and no patches have been explicitly linked to this vulnerability as of the publication date.
Potential Impact
For European organizations utilizing SAP Cloud Connector 2.0, this vulnerability could lead to reduced availability of the service due to performance degradation caused by unauthorized LDAP connection test requests. While the impact is low, any disruption in SAP Cloud Connector can affect the integration between on-premises systems and SAP cloud services, potentially delaying business processes reliant on these connections. Industries with high dependency on SAP infrastructure, such as manufacturing, finance, and logistics, may experience operational inefficiencies. However, since confidentiality and integrity are not affected, the risk of data breaches or manipulation is minimal. The requirement for an attacker to be on an adjacent network limits the attack surface, but insider threats or compromised internal networks could exploit this vulnerability. Given the critical role of SAP Cloud Connector in hybrid cloud environments, even low-impact availability issues warrant attention to maintain service reliability.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement network segmentation and strict access controls to limit adjacency to trusted users and systems only. Monitoring and logging of LDAP test endpoint access should be enhanced to detect unusual or unauthorized requests promptly. Applying SAP's security advisories and updates as they become available is essential, even though no specific patch is currently linked to this CVE. Organizations should also review and tighten authorization policies within SAP Cloud Connector configurations to ensure that only authorized personnel can access sensitive endpoints. Employing intrusion detection systems (IDS) and anomaly detection tools to identify potential exploitation attempts on the LDAP test endpoint can provide early warning. Additionally, conducting regular security assessments and penetration testing focused on internal network threats can help identify and remediate exposure to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: sap
- Date Reserved: 2025-04-16T13:25:39.583Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 689aa7d2ad5a09ad002be790
Added to database: 8/12/2025, 2:32:50 AM
Last enriched: 8/20/2025, 2:01:10 AM
Last updated: 9/27/2025, 6:22:20 AM