Cross-Site Scripting Vulnerability in SAP BusinessObjects BI Workspace
CVE-2025-23192

8.2HIGH

Key Information:

Vendor

SAP
Status
SAP Businessobjects Business Intelligence (bi Workspace)
Vendor
CVE Published:
10 June 2025

What is CVE-2025-23192?

SAP BusinessObjects Business Intelligence Workspace is susceptible to cross-site scripting due to a flaw that allows unauthenticated attackers to inject and store malicious scripts within a workspace. When user access occurs, these scripts execute in the victims' browsers, potentially exposing sensitive session information and disrupting user experience. This vulnerability raises significant concerns for confidentiality as attackers can manipulate user actions and access sensitive data.

Affected Version(s)

SAP BusinessObjects Business Intelligence (BI Workspace) ENTERPRISE 430

SAP BusinessObjects Business Intelligence (BI Workspace) 2025

SAP BusinessObjects Business Intelligence (BI Workspace) 2027

References

https://me.sap.com/notes/3560693
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-23192 : Cross-Site Scripting Vulnerability in SAP BusinessObjects BI Workspace