CVE-2025-31326 MEDIUM

CVE-2025-31326: HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

Vendor SAP SE
Product SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
Weakness CWE-80 · XSS · basic
Published July 8, 2025
Last update July 8, 2025

CVSS base score

4.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01 Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected.

Key dates

02 Disclosure timeline

July 8, 2025 CVE published
July 8, 2025 Record updated