CVE-2025-23192NVD

Vulnerability Summary

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.

Severity Level

HIGH(8.2)

Published Date

Jun 10, 2025

Last Modified

Jun 12, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-79: Cross-site Scripting (XSS) ↗

The software does not neutralize user-controllable input before it is placed in output that is used as a web page.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

ScopeChanged

ConfidentialityHigh

IntegrityLow

AvailabilityLow

External References

https://me.sap.com/notes/3560693
https://url.sap/sapsecuritypatchday

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-23192NVD

Vulnerability Summary

External References