CVE-2025-42955

Low CVSS 3.5

Overview

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of the service. Confidentiality and integrity of the data are not affected.

CWE: CWE-862 Published: 2025-08-12T03:15:28.130

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.5 (LOW)
Detected tags: misconfiguration (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags