CVE-2025-25245

CVE Database · CVE-2025-25245

CVE-2025-25245

· MEDIUMAnalyzed

CVSS v3.1

5.4

EPSS

0.22%

Published

Mar 10, 2025

Modified

Oct 24, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (2)

sap · businessobjects_business_intelligence_platformvulnerable

References (2)

https://me.sap.com/notes/3557469

Permissions Required

https://url.sap/sapsecuritypatchday

Patch

KEV Catalog EPSS Scores Vendors All CVEs