CVE-2025-0064

Summary

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP BusinessObjects Business Intelligence platform (Central Management Console)ENTERPRISE 430affected
SAP_SESAP BusinessObjects Business Intelligence platform (Central Management Console)2025affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References