1. Home
  2. CVE Database
  3. CVE-2025-42907
MEDIUM · 4.3

CVE-2025-42907

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low...

Vulnerability Description

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2025-42907?

CVE-2025-42907 is a vulnerability with a CVSS score of 4.3 (MEDIUM). SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low...

How severe is CVE-2025-42907?

CVE-2025-42907 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-42907?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.