CVE-2025-42909 LOW

CVE-2025-42909: Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances

Vendor Sap_Se
Product SAP Cloud Appliance Library Appliances
Weakness CWE-1004
Published October 14, 2025
Last update October 14, 2025

CVSS base score

3.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and availability is not impacted.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated