SSRF in SAP Business Objects Business Intelligence Platform
CVE-2025-42988
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.002 (12.6th percentile)
CVSS v3 metric
CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Sap Businessobjects_business_intelligence_platform — versions 430, 2025, 2027
- Sap_se Sap Business Objects Intelligence Platform — versions ENTERPRISE 430, 2025, 2027
Weakness classification (CWE)
References
- cna@sap.com (Permissions Required)
- cna@sap.com (Patch)
Frequently asked questions
- What is CVE-2025-42988?
  CVE-2025-42988 is a low-severity vulnerability in SAP Business Objects Business Intelligence Platform, classified under Server-Side Request Forgery (SSRF). CVSS score: 3.7/10. Published 2025-06-10.
- How severe is CVE-2025-42988?
  Low severity. CVSS v3 base score is 3.7 out of 10.