Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-23192

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.

Published

2025-06-10T01:15:20.847

Last Modified

2025-10-23T14:30:12.927

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	businessobjects_business_intelligence	430	Yes
Application	sap	businessobjects_business_intelligence	2025	Yes
Application	sap	businessobjects_business_intelligence	2027	Yes

References

https://me.sap.com/notes/3560693 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Patch ([email protected])