CVE-2025-0061

Summary

SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP BusinessObjects Business Intelligence PlatformENTERPRISE 420affected
SAP_SESAP BusinessObjects Business Intelligence Platform430affected
SAP_SESAP BusinessObjects Business Intelligence Platform2025affected

Weaknesses

  • CWE-497: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References