Vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2025-25245

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (web Intelligence)
Vendor: CVE Published:; 11 March 2025

Summary

The SAP BusinessObjects Business Intelligence Platform (Web Intelligence) features a deprecated web application endpoint that lacks sufficient security measures. This vulnerability allows attackers to inject malicious URLs into the data sent back to users. While exploitation impacts the confidentiality and integrity of user data in the browser context, the overall availability of the system remains unaffected. It's crucial for users and administrators to address this vulnerability promptly to prevent potential data compromise.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ENTERPRISE 430

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 2025

References

https://me.sap.com/notes/3557469

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 4, 2025