CVE-2025-25245

{"id": "CVE-2025-25245", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-03-11T01:15:35.080", "references": [{"url": "https://me.sap.com/notes/3557469", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Patch"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim\ufffds browser. There is no impact on availability."}, {"lang": "es", "value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contiene un endpoint de aplicaci\u00f3n web obsoleto que no est\u00e1 protegido adecuadamente. Un atacante podr\u00eda aprovechar esto inyectando una URL maliciosa en los datos que se devuelven al usuario. Si se explota con \u00e9xito, podr\u00eda haber un impacto limitado en la confidencialidad e integridad dentro del alcance del navegador de la v\u00edctima. No hay impacto en la disponibilidad."}], "lastModified": "2025-10-24T18:41:16.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "8354981E-4A5F-4E5E-AF3A-283D5922DF90"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "12840D95-CE8E-40FB-9B73-DEBF78384B30"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}