Information Disclosure Vulnerability in SAP Promotion Management Wizard
CVE-2025-43000

7.9HIGH

Key Information:

Vendor: SAP
Status: SAP Business Objects Business Intelligence Platform (pmw)
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-43000?

The SAP Promotion Management Wizard contains a vulnerability that allows an unauthorized attacker to gain access to sensitive information under certain conditions. This breach results in a compromise of data confidentiality while maintaining low impact on the integrity and availability of the application. Organizations using this tool are advised to apply relevant security patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

SAP Business Objects Business Intelligence Platform (PMW) ENTERPRISE 430

SAP Business Objects Business Intelligence Platform (PMW) 2025

SAP Business Objects Business Intelligence Platform (PMW) 2027

References

https://me.sap.com/notes/3586013

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025