First published: Tue Mar 11 2025
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious URL in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of the victim's browser. There is no impact on availability.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP BusinessObjects Business Intelligence Platform |
CVE-2025-25245 is classified as a high severity vulnerability due to the potential for remote code execution through an insecure web application endpoint.
To fix CVE-2025-25245, users should update their SAP BusinessObjects Business Intelligence Platform (Web Intelligence) to the latest version provided by SAP.
Exploitation of CVE-2025-25245 can lead to an attacker executing unauthorized commands and injecting malicious URLs into data returned to users.
CVE-2025-25245 affects all versions of SAP BusinessObjects Business Intelligence Platform (Web Intelligence) that contain the deprecated web application endpoint.
Currently, there are no official workarounds for CVE-2025-25245, and upgrading to the patched version is recommended as the best mitigation strategy.