CVE-2025-0064

Published: Feb 11, 2025Modified: Oct 23, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: NVD

Description

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.

Affected (2)

Products: Sap: Businessobjects Business Intelligence Platform

1 product

Businessobjects Business Intelligence Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Business Intelligence Platform	Version 2025
Sap Businessobjects Business Intelligence Platform	Version 430

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://me.sap.com/notes/3525794

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Patch

Timeline

No history available yet.