CVE-2025-31326

CVE Database · CVE-2025-31326

CVE-2025-31326

· MEDIUMDeferred

CVSS v3.1

4.1

EPSS

0.23%

Published

Jul 7, 2025

Modified

Apr 14, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SAP�BusinessObjects Business�Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Weaknesses (CWE)

CWE-80

References (2)

https://me.sap.com/notes/3573199

https://url.sap/sapsecuritypatchday

KEV Catalog EPSS Scores Vendors All CVEs