Memory Corruption Vulnerability in SAP CommonCryptoLib
CVE-2025-42940

7.5 HIGH

Key Information:

Vendor

SAP

CVE Published:
11 November 2025

What is CVE-2025-42940?

SAP CommonCryptoLib performs inadequate boundary checks during pre-authentication parsing of manipulated ASN.1 data received over the network. This can lead to memory corruption and an application crash, significantly impacting system availability. Fortunately, the vulnerability does not compromise data confidentiality or integrity. Users are advised to apply the latest patches to mitigate the risk associated with this vulnerability.
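
The following is an added illustration of the bug class named above, not SAP's code and not taken from the advisory: the boundary checks a DER/ASN.1 TLV reader has to make before trusting a length field that arrives from the network. The names `der_tlv` and `der_read_tlv` and the sample bytes are constructed for this example, and it handles single-byte tags only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One parsed TLV; value points into the caller's buffer. */
struct der_tlv { uint8_t tag; const uint8_t *value; size_t len; };

/* Parse one DER TLV from buf[0..buflen). Returns 0 on success, -1 on any
 * malformed or out-of-bounds encoding. Single-byte tags only. */
int der_read_tlv(const uint8_t *buf, size_t buflen, struct der_tlv *out)
{
    size_t pos = 0, len = 0;
    if (buf == NULL || out == NULL || buflen < 2)
        return -1;                  /* need tag + first length octet */
    if ((buf[0] & 0x1f) == 0x1f)
        return -1;                  /* multi-byte tags not handled here */
    out->tag = buf[pos++];
    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                /* short form */
    } else {
        size_t n = first & 0x7f;    /* count of length octets */
        if (n == 0 || n > sizeof(size_t))
            return -1;              /* indefinite form, or would overflow size_t */
        if (n > buflen - pos)
            return -1;              /* length octets run past the input */
        if (buf[pos] == 0)
            return -1;              /* DER forbids leading zero octets */
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[pos++];
        if (len < 0x80)
            return -1;              /* DER: should have used short form */
    }
    if (len > buflen - pos)         /* compare against remaining bytes, */
        return -1;                  /* never compute pos + len (can wrap) */

    out->value = buf + pos;
    out->len = len;
    return 0;
}

int main(void)
{
    /* Constructed sample: OCTET STRING claiming 5 bytes, only 1 present. */
    const uint8_t bad[] = { 0x04, 0x05, 0x41 };
    struct der_tlv t;
    printf("truncated input -> %d\n", der_read_tlv(bad, sizeof bad, &t));
    return 0;
}
```

A parser that is reachable before authentication should fail closed on every one of these cases and should be exercised with a fuzzer against truncated and oversized length encodings.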

Affected Version(s)

SAP CommonCryptoLib CRYPTOLIB 8

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved