CVE-2025-43000 HIGH

CVE-2025-43000: Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)

Vendor Sap_Se
Product SAP Business Objects Business Intelligence Platform (PMW)
Weakness CWE-862 · Missing authorization
Published May 13, 2025
Last update May 13, 2025

CVSS base score

7.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated