CVE-2025-23192 — HIGH (8.2)

Vulnerability Description

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Sap	Businessobjects Business Intelligence	430

Related Weaknesses (CWE)

CWE-79

References

https://me.sap.com/notes/3560693Permissions Required
https://url.sap/sapsecuritypatchdayPatch

FAQ

What is CVE-2025-23192?

CVE-2025-23192 is a vulnerability with a CVSS score of 8.2 (HIGH). SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script w...

How severe is CVE-2025-23192?

CVE-2025-23192 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-23192?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Businessobjects Business Intelligence.