CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-42988: Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform

3.7 CVSS

Description

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no impact on integrity and availability of the application.

Classification

CVE ID: CVE-2025-42988

CVSS Base Severity: LOW

CVSS Base Score: 3.7

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-918: Server-Side Request Forgery

Affected Products

Vendor: SAP_SE

Product: SAP Business Objects Business Intelligence Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.14% (scored less or equal to compared to others)

EPSS Date: 2025-06-13 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-42988
https://me.sap.com/notes/3585545
https://url.sap/sapsecuritypatchday

Timeline

2025-06-10 03:40:14 UTC
CVE

Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform