CVE-2025-23192

HIGH

8.2CVSS v3

—CVSS v2

0.36% EPSS (exploit probability)

CWE-79CWE

Description

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE