
CVE-2025-43000: Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)

7.9 CVSS

Description

Under certain conditions, Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted. This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.

Classification

CVE ID: CVE-2025-43000

CVSS Base Severity: HIGH

CVSS Base Score: 7.9

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Problem Types

CWE-862: Missing Authorization

Affected Products

Vendor: SAP_SE

Product: SAP Business Objects Business Intelligence Platform (PMW)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.49% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-11 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-43000
https://me.sap.com/notes/3586013
https://url.sap/sapsecuritypatchday

Timeline