Missing Authorization Check in SAP Cloud Connector
CVE-2025-42955

3.5LOW

Key Information:

Vendor: SAP
Status: SAP Cloud Connector
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-42955?

A vulnerability in SAP Cloud Connector exists due to a missing authorization check, allowing attackers on adjacent networks with low privileges to craft unauthorized requests to test LDAP connections. While the potential for reduced performance may affect service availability, the vulnerability does not compromise data confidentiality or integrity.

Affected Version(s)

SAP Cloud Connector SAP_CLOUD_CONNECTOR 2.0

References

https://me.sap.com/notes/3611345

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025