CVE-2025-42955 LOW

CVE-2025-42955: Missing authorization check in SAP Cloud Connector

Vendor Sap_Se

Product SAP Cloud Connector

Weakness CWE-862 · Missing authorization

Published August 12, 2025

Last update August 13, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of the service. Confidentiality and integrity of the data are not affected.

Key dates

02Disclosure timeline

August 12, 2025 CVE published

August 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-42955 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2026-5371 MonsterInsights <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset CVE-2025-14395 Popover Windows <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions CVE-2026-22461 WordPress CTX Feed plugin <= 6.6.18 - Broken Access Control vulnerability CVE-2026-3569 Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint CVE-2025-23763 WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability