CVE Alert: CVE-2025-42940 – SAP_SE – SAP CommonCryptoLib
CVE-2025-42940
SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availability. There is no impact on confidentiality or integrity.
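The defect class described above is a DER/ASN.1 parser that trusts the length octets in a received message and reads or writes past the end of the buffer. The following stand-alone C example is added here for illustration; it is not SAP CommonCryptoLib code (the library is closed source and none of it appears on this page). It reads DER TLV headers and rejects any element whose length octets or declared content length would extend beyond the bytes actually received. The sample inputs are constructed for the demo, not captured traffic.

```c
/* Minimal DER TLV header reader with explicit bounds checks.
 * Illustrative stand-alone example; not SAP CommonCryptoLib code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint8_t tag;           /* identifier octet */
    size_t length;         /* content length in bytes */
    const uint8_t *value;  /* points into the caller's buffer */
} der_tlv;

/* Parse one TLV starting at buf[0]. Returns the number of bytes consumed
 * (header + content), or 0 if the encoding is malformed or would read
 * past buf_len. Every read is checked against the remaining length. */
size_t der_read_tlv(const uint8_t *buf, size_t buf_len, der_tlv *out)
{
    if (buf == NULL || out == NULL || buf_len < 2)
        return 0;                               /* need tag + one length octet */

    size_t pos = 0;
    out->tag = buf[pos++];
    uint8_t first = buf[pos++];

    size_t len;
    if (first < 0x80) {
        len = first;                            /* short form */
    } else {
        size_t n = first & 0x7f;
        /* 0x80 is the indefinite form (forbidden in DER); more than
         * sizeof(size_t) length octets can never describe this buffer. */
        if (n == 0 || n > sizeof(size_t))
            return 0;
        if (n > buf_len - pos)                  /* length octets must be present */
            return 0;
        if (buf[pos] == 0x00)                   /* DER: no leading zero octets */
            return 0;
        len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[pos++];
        if (len < 0x80)                         /* DER: long form only when needed */
            return 0;
    }

    /* The boundary check this class of bug omits: the declared content
     * length must fit inside the bytes actually received. */
    if (len > buf_len - pos)
        return 0;

    out->length = len;
    out->value = buf + pos;
    return pos + len;
}

/* Walk the children of a constructed SEQUENCE (tag 0x30) and return how
 * many elements it contains, or -1 if any element is malformed or
 * overruns the buffer. */
int der_count_sequence_children(const uint8_t *buf, size_t buf_len)
{
    der_tlv seq;
    size_t used = der_read_tlv(buf, buf_len, &seq);
    if (used == 0 || seq.tag != 0x30)
        return -1;

    int count = 0;
    size_t off = 0;
    while (off < seq.length) {
        der_tlv child;
        size_t n = der_read_tlv(seq.value + off, seq.length - off, &child);
        if (n == 0)
            return -1;
        off += n;
        count++;
    }
    return count;
}

/* Constructed sample inputs (not real traffic). */
/* SEQUENCE { INTEGER 5, INTEGER 7 } */
static const uint8_t good_seq[] = { 0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07 };
/* Outer length claims 16 bytes but only 3 follow. */
static const uint8_t truncated_seq[] = { 0x30, 0x10, 0x02, 0x01, 0x05 };
/* Inner INTEGER claims 5 content bytes; only 1 is inside the SEQUENCE. */
static const uint8_t short_overrun[] = { 0x30, 0x03, 0x02, 0x05, 0x01 };
/* Inner INTEGER uses a 4-octet long-form length of 16777216 bytes. */
static const uint8_t overlong_child[] = { 0x30, 0x07, 0x02, 0x84, 0x01, 0x00, 0x00, 0x00, 0x00 };

int main(void)
{
    printf("good:      %d\n", der_count_sequence_children(good_seq, sizeof good_seq));
    printf("truncated: %d\n", der_count_sequence_children(truncated_seq, sizeof truncated_seq));
    printf("short:     %d\n", der_count_sequence_children(short_overrun, sizeof short_overrun));
    printf("overlong:  %d\n", der_count_sequence_children(overlong_child, sizeof overlong_child));
    return 0;
}
```

The design point is that every length the parser takes from the wire is compared with `buf_len - pos` before it is used as an offset, and the walker passes each child only the slice that its parent actually covers, so a manipulated length can never turn into an out-of-bounds read.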
AI Summary Analysis
Risk verdict
High risk: a pre-authentication, network-exposed memory-corruption flaw could crash the service and disrupt availability; KEV/SSVC/EPSS data are not provided, so treat as priority 1 if exploitation intelligence confirms active use.
Why this matters
In SAP environments, outages can halt critical business processes and finance operations. An attacker could remotely induce a crash without user interaction or credentials, achieving DoS without compromising confidentiality or integrity, potentially cascading across interconnected systems.
Most likely attack path
Attack requires network access to the vulnerable component, with no privileges and no user interaction. Exploitation would cause memory corruption with an unchanged scope, enabling remote DoS. Lateral movement is unlikely unless other exposed interfaces exist, but the primary risk is remote service disruption.
Who is most exposed
Organisations with network-accessible SAP components, including on-prem and cloud deployments, especially where remote access or wide trust boundaries expose core services.
Detection ideas
- Frequent crash logs or dump files linked to the library after ASN.1 parsing activity.
- Network traces showing pre-auth ASN.1 manipulation directed at the service.
- Unusual spikes in unauthenticated connection attempts to the affected port.
- Post-event service restarts or crashes without user action.
- Correlation of crashes with specific ASN.1 payload patterns in logs.
Mitigation and prioritisation
- Apply the vendor’s patched library version; verify in a staging environment before production rollout.
- Immediately reduce exposure: restrict network access, implement strict ACLs, and segment SAP components from untrusted networks.
- If patching is delayed, enable compensating controls (firewall/WAF rules, monitor for unauthorised parsing activity, disable non-essential ASN.1 parsing paths).
- Enhance incident response readiness: collect crash dumps, set up alerting for memory faults, and review change-management plans.
- If the CVE is listed in CISA KEV or its EPSS score is ≥ 0.5, treat as priority 1.