
CVE-2025-42955: CWE-862: Missing Authorization in SAP_SE SAP Cloud Connector

Low
Tags: Vulnerability, cve, cve-2025-42955, cwe-862
Published: Tue Aug 12 2025 (08/12/2025, 02:09:43 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAP Cloud Connector

Description

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low impact on availability of the service. Confidentiality and integrity of the data are not affected.

AI-Powered Analysis

Last updated: 08/12/2025, 02:50:20 UTC

Technical Analysis

CVE-2025-42955 is a vulnerability identified in SAP Cloud Connector version 2.0, attributed to a missing authorization check (CWE-862) in the component responsible for testing LDAP connections. This flaw allows an attacker situated on an adjacent network segment, possessing low privileges, to send specially crafted requests to the LDAP test endpoint without proper authorization validation. The absence of this check means that unauthorized users can trigger operations that degrade the performance of the SAP Cloud Connector service. Importantly, the vulnerability does not impact the confidentiality or integrity of data, as it does not allow data disclosure or modification. The primary consequence is a reduction in service availability due to performance degradation. The CVSS v3.1 base score is 3.5, reflecting a low severity level, with the attack vector being adjacent network (AV:A), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and no impact on confidentiality or integrity, only availability (A:L). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was published on August 12, 2025, with the issue reserved in April 2025. This vulnerability is particularly relevant for organizations using SAP Cloud Connector 2.0 to bridge on-premises systems with SAP cloud services, especially where LDAP connections are tested or managed through this component.

Potential Impact

For European organizations, the impact of CVE-2025-42955 is primarily on service availability rather than data security. Organizations relying on SAP Cloud Connector 2.0 for integrating on-premises infrastructure with SAP cloud solutions may experience reduced performance or temporary service degradation if this vulnerability is exploited. While the impact is low, it could disrupt business processes that depend on timely and reliable cloud connectivity, such as supply chain management, financial operations, or customer relationship management. Since confidentiality and integrity are not compromised, the risk of data breaches or data manipulation is minimal. However, availability issues could lead to operational delays or reduced productivity. The threat is more pronounced in environments where adjacent network access is possible for low-privilege users, such as shared office networks or poorly segmented internal networks. Given the critical role of SAP systems in many European enterprises, even low-impact availability issues warrant attention to maintain service continuity and compliance with operational standards.

Mitigation Recommendations

To mitigate CVE-2025-42955, European organizations should implement the following specific measures:

1. Network Segmentation: Ensure strict network segmentation to prevent low-privilege users from accessing adjacent network segments where SAP Cloud Connector is deployed.
2. Access Controls: Enforce robust access control policies limiting who can reach the LDAP test endpoint, ideally restricting it to trusted administrators or systems.
3. Monitoring and Logging: Enable detailed logging of requests to the LDAP test endpoint and monitor for unusual or repeated access attempts that could indicate exploitation attempts.
4. Update and Patch Management: Although no patch links are currently provided, organizations should monitor SAP security advisories closely and apply patches or updates as soon as they become available.
5. Configuration Review: Review SAP Cloud Connector configurations to disable or restrict the LDAP test functionality if it is not required in the environment.
6. Incident Response Preparedness: Prepare incident response plans to quickly address potential availability degradation caused by exploitation attempts.

These steps go beyond generic advice by focusing on network architecture, access restrictions, and proactive monitoring tailored to the specifics of this vulnerability.
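The monitoring step above can be turned into a small detection. This is an added example, not code from SAP or from this advisory: it assumes a constructed access-log format and a placeholder endpoint path (the advisory does not name the real one), and it flags callers of the LDAP test endpoint who are outside an admin allow-list as well as bursts of repeated hits from one caller within a sliding window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real SAP Cloud Connector output).
# Assumed format: "<ISO time> <user> <src_ip> <method> <path> <status>"
SAMPLE_LOG = """\
2025-08-12T02:10:01Z admin 10.0.1.5 POST /api/v1/ldap/test 200
2025-08-12T02:10:05Z jdoe 10.0.2.17 POST /api/v1/ldap/test 200
2025-08-12T02:10:06Z jdoe 10.0.2.17 POST /api/v1/ldap/test 200
2025-08-12T02:10:07Z jdoe 10.0.2.17 POST /api/v1/ldap/test 200
2025-08-12T02:10:08Z jdoe 10.0.2.17 POST /api/v1/ldap/test 200
2025-08-12T02:10:09Z jdoe 10.0.2.17 POST /api/v1/ldap/test 200
2025-08-12T02:10:09Z jdoe 10.0.2.17 POST /api/v1/ldap/test 200
2025-08-12T02:11:00Z admin 10.0.1.5 GET /api/v1/status 200
"""

LDAP_TEST_PATH = re.compile(r"/ldap/test$")  # placeholder path (assumption)
TRUSTED_ADMINS = {"admin"}                   # expected callers of the endpoint
BURST_THRESHOLD = 5                          # hits per caller per window
WINDOW = timedelta(seconds=60)
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, user, ip, method, path, status = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user,
            "ip": ip, "method": method, "path": path, "status": int(status)}


def detect(log_text):
    """Return (kind, user, ip, ts) alerts for untrusted callers and bursts."""
    alerts = []
    window_hits = defaultdict(list)  # (user, ip) -> timestamps inside WINDOW
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if not ev or not LDAP_TEST_PATH.search(ev["path"]):
            continue
        key = (ev["user"], ev["ip"])
        if ev["user"] not in TRUSTED_ADMINS:
            alerts.append(("untrusted_caller",) + key + (ev["ts"],))
        hits = window_hits[key]
        hits.append(ev["ts"])
        while hits and ev["ts"] - hits[0] > WINDOW:  # slide the window
            hits.pop(0)
        if len(hits) == BURST_THRESHOLD:  # alert once when threshold reached
            alerts.append(("burst",) + key + (ev["ts"],))
    return alerts
```

On the constructed sample, the six requests from `jdoe` produce six untrusted-caller alerts and one burst alert; the administrator's single test and the unrelated status call produce none.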


Technical Details

Data Version: 5.1
Assigner Short Name: sap
Date Reserved: 2025-04-16T13:25:39.583Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 689aa7d2ad5a09ad002be790

Added to database: 8/12/2025, 2:32:50 AM

Last enriched: 8/12/2025, 2:50:20 AM

Last updated: 8/19/2025, 12:34:29 AM
