Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-42988

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no impact on integrity and availability of the application.

Published

2025-06-10T01:15:22.023

Last Modified

2025-10-23T14:26:31.777

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

Weaknesses

Type: Secondary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	businessobjects_business_intelligence_platform	430	Yes
Application	sap	businessobjects_business_intelligence_platform	2025	Yes
Application	sap	businessobjects_business_intelligence_platform	2027	Yes

References

https://me.sap.com/notes/3585545 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Patch ([email protected])