What is CVE-2025-42896?

CVE-2025-42896 is a medium-severity vulnerability in Sap_se Sap Businessobjects Business Intelligence Platform, classified under Improper Encoding or Escaping of Output. CVSS score: 5.4/10. Published 2025-12-09.

How severe is CVE-2025-42896?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Vulnerability in Sap_se Sap Businessobjects Business Intelligence Platform

CVE-2025-42896

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URL…

EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N.

Affected products

Sap_se Sap Businessobjects Business Intelligence Platform — versions ENTERPRISE 430, 2025, 2027

Weakness classification (CWE)

CWE-116 — Improper Encoding or Escaping of Output

References

Frequently asked questions

What is CVE-2025-42896?: CVE-2025-42896 is a medium-severity vulnerability in Sap_se Sap Businessobjects Business Intelligence Platform, classified under Improper Encoding or Escaping of Output. CVSS score: 5.4/10. Published 2025-12-09.
How severe is CVE-2025-42896?: Medium severity. CVSS v3 base score is 5.4 out of 10.