CVE-2025-42988 LOW

CVE-2025-42988: Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform

Vendor SAP SE
Product SAP Business Objects Business Intelligence Platform
Weakness CWE-918 · SSRF
Published June 10, 2025
Last update June 10, 2025

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by sending specially crafted HTTP requests. This information disclosure could further enable the attacker to carry out SSRF. It has no impact on the integrity or availability of the application.

Key dates

02 Disclosure timeline

June 10, 2025 CVE published
June 10, 2025 Record updated