CVE-2025-31326

MEDIUM

SAP BusinessObjects - HTML Injection

Title source: llm

Description

SAP�BusinessObjects Business�Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3573199

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 4.1

EPSS 0.0005

EPSS Percentile 14.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-80

Status published

Products (4)

SAP_SE/SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 2025

SAP_SE/SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 2027

SAP_SE/SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ENTERPRISE 430

SAP_SE/SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ENTERPRISECLIENTTOOLS 430

Published Jul 08, 2025

Tracked Since Feb 18, 2026