CVE-2025-23192

HIGH EPSS 25.3%

Published Jun 10, 20251y ago · Modified Jun 17, 20261w ago

7.6 CVSS 3.1

High

Published Jun 10, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.

CVSS Details

Base Score

7.6

Exploitability

2.3

Impact

4.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality High

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

25.3% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 3

Vendor	Product	Version	Range
sap	businessobjects_business_intelligence	430	any
sap	businessobjects_business_intelligence	2025	any
sap	businessobjects_business_intelligence	2027	any

References 2

me.sap.com https://me.sap.com/notes/3560693

Permissions Required
url.sap https://url.sap/sapsecuritypatchday

Patch

Remediation

url.sap https://url.sap/sapsecuritypatchday

Patch