Information Disclosure Vulnerability in SAP CMC Promotion Management
CVE-2025-42965
Key Information:
- Vendor: SAP
- CVE Published: 8 July 2025
What is CVE-2025-42965?
This vulnerability in SAP CMC Promotion Management lets authenticated attackers enumerate internal network systems by crafting specific requests during job source configuration. By comparing the response times for different IP addresses and network ports, an attacker can infer which endpoints are valid within the network. This may lead to the unintended disclosure of sensitive information, posing a significant risk to an organization's security posture. The vulnerability does not affect the integrity or availability of the application.
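One way to watch for the enumeration pattern described above is to flag accounts that submit job source configurations against many distinct host:port targets within a short window. This is an added example, not SAP's code or part of the original advisory; the audit-line format, field names, threshold and sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical audit-line format (an assumption): adapt the regex to whatever
# your reverse proxy or application audit log actually records.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=jobsource_config "
    r"target=(?P<host>[^:\s]+):(?P<port>\d+)$"
)

# Constructed sample data, not taken from a real system.
SAMPLE_LOG = """\
2025-07-10T09:00:00 user=alice action=jobsource_config target=bi-prod.example.internal:6400
2025-07-10T09:00:05 user=mallory action=jobsource_config target=10.0.0.1:22
2025-07-10T09:00:10 user=mallory action=jobsource_config target=10.0.0.1:80
2025-07-10T09:00:15 user=mallory action=jobsource_config target=10.0.0.1:443
2025-07-10T09:00:20 user=mallory action=jobsource_config target=10.0.0.2:22
2025-07-10T09:00:25 user=mallory action=jobsource_config target=10.0.0.2:80
2025-07-10T09:00:30 user=mallory action=jobsource_config target=10.0.0.2:443
2025-07-10T09:30:00 user=alice action=jobsource_config target=bi-prod.example.internal:6400
2025-07-10T10:00:00 user=bob action=jobsource_config target=bi-test.example.internal:6400
2025-07-10T11:00:00 user=bob action=jobsource_config target=bi-dev.example.internal:6400
"""

def find_fanout(lines, window=timedelta(minutes=5), threshold=5):
    """Return {user: peak count of distinct host:port targets inside any
    sliding window} for users whose peak reaches the threshold.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, target)
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a job source configuration event
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["user"]]
        q.append((ts, f'{m["host"]}:{m["port"]}'))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop events that fell out of the window
        peak[m["user"]] = max(peak[m["user"]], len({t for _, t in q}))
    return {u: n for u, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(find_fanout(SAMPLE_LOG.splitlines()))
```

Repeated configurations against the same target and slow, occasional changes stay below the threshold; tune the window and threshold to how often administrators legitimately define job sources.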
Affected Version(s)
SAP BusinessObjects BI Platform Central Management Console Promotion Management Application ENTERPRISE 430
SAP BusinessObjects BI Platform Central Management Console Promotion Management Application 2025
SAP BusinessObjects BI Platform Central Management Console Promotion Management Application 2027