
CVE-2025-0064: Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)

8.7 CVSS

Description

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.

Classification

CVE ID: CVE-2025-0064

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Affected Products

Vendor: SAP_SE

Product: SAP BusinessObjects Business Intelligence platform (Central Management Console)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-12 (date this score was calculated)

References

https://me.sap.com/notes/3525794
https://url.sap/sapsecuritypatchday
