CVE-2025-0061

SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application.

CVSS v3 8.7 HIGH

8.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3474398	Permissions Required
https://url.sap/sapsecuritypatchday	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420::::enterprise:::
	cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430::::-:::
	cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025::::-:::

History

No history.

Information

Published : 2025-01-14 01:15

Updated : 2025-10-24 19:14

NVD link : CVE-2025-0061

Mitre link : CVE-2025-0061

CVE.ORG link : CVE-2025-0061

JSON object : View

Products Affected

sap

businessobjects_business_intelligence_platform

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

{"id": "CVE-2025-0061", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-01-14T01:15:16.500", "references": [{"url": "https://me.sap.com/notes/3474398", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Patch"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application."}, {"lang": "es", "value": " SAP BusinessObjects Business Intelligence Platform permite a un atacante no autenticado secuestrar sesiones a trav\u00e9s de la red sin interacci\u00f3n del usuario, debido a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. El atacante puede acceder y modificar todos los datos de la aplicaci\u00f3n."}], "lastModified": "2025-10-24T19:14:21.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B8F5EEB7-5ED5-4887-9691-0455B54A74C5"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "4AA1BB94-FF0C-4D4D-A8EC-F0D8505B966C"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "12840D95-CE8E-40FB-9B73-DEBF78384B30"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}