CVE-2025-42940
Description
SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availability. There is no impact on confidentiality or integrity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SAP CommonCryptoLib has a pre-authentication buffer-boundary flaw in ASN.1 parsing that leads to memory corruption and a high impact on availability.
Vulnerability
Overview
CVE-2025-42940 resides in SAP CommonCryptoLib, a cryptographic library used across SAP products. The library fails to perform necessary boundary checks when parsing manipulated ASN.1 data before authentication. This memory corruption vulnerability is triggered over the network, as the input data is processed during the pre-authentication phase [1].
Exploitation
Path
The attack surface is network-based, requiring the attacker to send specially crafted ASN.1 data to an affected SAP service that uses CommonCryptoLib. No authentication is needed, as the parsing occurs before authentication. The manipulation causes the library to read or write beyond allocated memory buffers, leading to corruption [1].
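As an added, illustrative example that is not SAP code and does not reflect how CommonCryptoLib's parser is actually written: a minimal bounds-checked DER tag-length-value (TLV) decoder in C. The function names (`der_read_tlv`, `der_count_children`), the result codes and the sample byte strings are all constructed for this illustration. It shows the kind of check the description refers to: every length taken from the wire is compared against the number of bytes actually received before any content is touched, so an oversized or truncated length is rejected with an error instead of driving a read past the end of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded DER tag-length-value header (hypothetical example type). */
typedef struct {
    uint8_t tag;
    size_t length;      /* declared content length */
    size_t header_len;  /* bytes consumed by the tag and length octets */
} der_tlv_t;

/* Result codes for the bounds-checked decoder (constructed for this example). */
enum { DER_OK = 0, DER_ERR_TRUNCATED = -1, DER_ERR_LENGTH = -2, DER_ERR_OVERFLOW = -3 };

/*
 * Decode one TLV header from buf[0..buf_len) and verify that the declared
 * content fits inside the buffer. Nothing taken from the wire is trusted on
 * its own: the length octets and the length value are both checked against
 * the bytes actually received.
 */
int der_read_tlv(const uint8_t *buf, size_t buf_len, der_tlv_t *out)
{
    size_t pos = 0;

    if (buf == NULL || out == NULL || buf_len < 2)
        return DER_ERR_TRUNCATED;          /* need at least a tag and one length octet */

    out->tag = buf[pos++];

    uint8_t first = buf[pos++];
    if (first < 0x80) {
        out->length = first;               /* short form: the octet is the length */
    } else {
        size_t n = first & 0x7F;           /* long form: the next n octets hold the length */
        if (n == 0 || n > sizeof(size_t))
            return DER_ERR_LENGTH;         /* indefinite form is not DER; n too large cannot fit */
        if (n > buf_len - pos)
            return DER_ERR_TRUNCATED;      /* the length octets themselves run past the data */
        if (n > 1 && buf[pos] == 0)
            return DER_ERR_LENGTH;         /* leading zero octet: non-minimal encoding */
        size_t len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[pos++];
        if (n == 1 && len < 0x80)
            return DER_ERR_LENGTH;         /* should have used the short form */
        out->length = len;
    }
    out->header_len = pos;

    /* The boundary check: declared content must lie inside the received buffer.
       Written as a subtraction so that pos + length can never overflow. */
    if (out->length > buf_len - pos)
        return DER_ERR_OVERFLOW;

    return DER_OK;
}

/* Walk every TLV inside a SEQUENCE body; returns the element count or a DER_ERR_* code.
   Each child is decoded with the same checked routine, so the invariant holds at every level. */
int der_count_children(const uint8_t *buf, size_t buf_len)
{
    der_tlv_t seq;
    int rc = der_read_tlv(buf, buf_len, &seq);
    if (rc != DER_OK)
        return rc;
    if (seq.tag != 0x30)
        return DER_ERR_LENGTH;             /* outer element must be a SEQUENCE */

    const uint8_t *p = buf + seq.header_len;
    size_t remaining = seq.length;         /* already verified to fit inside buf_len */
    int count = 0;
    while (remaining > 0) {
        der_tlv_t child;
        rc = der_read_tlv(p, remaining, &child);
        if (rc != DER_OK)
            return rc;
        size_t total = child.header_len + child.length;   /* both <= remaining, no overflow */
        p += total;
        remaining -= total;
        count++;
    }
    return count;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t kValid[]      = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02 }; /* SEQUENCE { INTEGER 1, INTEGER 2 } */
static const uint8_t kOversized[]  = { 0x30, 0x84, 0xFF, 0xFF, 0xFF, 0xFF, 0x02, 0x01, 0x01 }; /* claims ~4 GiB of content */
static const uint8_t kInnerBad[]   = { 0x30, 0x04, 0x02, 0x05, 0x01, 0x02 };             /* child claims more than the parent holds */
static const uint8_t kCutLength[]  = { 0x30, 0x82, 0x01 };                               /* long-form length octets cut short */

int main(void)
{
    printf("valid      -> %d\n", der_count_children(kValid, sizeof kValid));          /* 2 */
    printf("oversized  -> %d\n", der_count_children(kOversized, sizeof kOversized));  /* -3 */
    printf("inner bad  -> %d\n", der_count_children(kInnerBad, sizeof kInnerBad));    /* -3 */
    printf("cut length -> %d\n", der_count_children(kCutLength, sizeof kCutLength));  /* -1 */
    return 0;
}
```

The two checks that matter for availability are the ones on the length: the long-form octet count is validated before the loop that reads it, and the decoded length is compared against the remaining buffer before any caller is allowed to dereference the content. A decoder that skips either of these would read past the received data on a crafted message, which is the class of defect the description attributes to the affected library.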
Impact
The exploitation results in an application crash, directly affecting the availability of the SAP system. Per the official description, there is no impact on confidentiality or integrity; only availability is compromised [1]. An attacker could repeatedly trigger the crash to cause a denial-of-service condition, disrupting business operations.
Mitigation
SAP has addressed this issue in its monthly Security Patch Day. Customers should apply the relevant SAP Security Note to their CommonCryptoLib installations. SAP recommends implementing these corrections as a priority. No workaround is currently documented; patching is the recommended action [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.
References: 2
News mentions: 0 (no linked articles in our index yet)