CVE-2025-25245 MEDIUM

CVE-2025-25245: Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

Vendor Sap_Se
Product SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
Weakness CWE-79 · XSS
Published March 11, 2025
Last update March 11, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability.

Key dates

02Disclosure timeline

March 11, 2025 CVE published
March 11, 2025 Record updated