CVE-2025-0064

HIGH

SAP BusinessObjects - Privilege Escalation

Title source: llm

Description

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.

References (2)

[Permissions Required] https://me.sap.com/notes/3525794

[Patch] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 8.7

EPSS 0.0006

EPSS Percentile 17.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (2)

sap/businessobjects_business_intelligence_platform 430

sap/businessobjects_business_intelligence_platform 2025

Published Feb 11, 2025

Tracked Since Feb 18, 2026