CVE-2025-23192

Published Jun 10, 2025

Last updated a month ago

CVSS high 8.2

Overview

Description
SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.
Source
cna@sap.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
8.2
Impact score
5.3
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
Severity
HIGH

Weaknesses

cna@sap.com
CWE-79

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades corregidas en productos de SAP ❗CVE-2025-42989 ❗CVE-2025-42982 ❗CVE-2025-42983 ❗CVE-2025-23192 ➡️Más info: https://t.co/MN7878yOML https://t.co/8BP8FnyJMT

    @CERTpy

    12 Jun 2025

    123 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.