Remote Code Execution Vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2025-42896

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-42896?

The SAP BusinessObjects Business Intelligence Platform is susceptible to a vulnerability that allows unauthenticated remote attackers to exploit URL parameters associated with the login page. By sending specifically crafted requests, attackers can manipulate the server to fetch unauthorized URLs they supply. This flaw poses a potential risk to data confidentiality and integrity, enabling malicious actors to exploit the system for unauthorized information access.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430

SAP BusinessObjects Business Intelligence Platform 2025

SAP BusinessObjects Business Intelligence Platform 2027

References

https://me.sap.com/notes/3651390

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON