SSRF in Sap Businessobjects_business_intelligence_platform

CVE-2025-42988

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.002 (12.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-42988?
CVE-2025-42988 is a low-severity vulnerability in Sap Businessobjects_business_intelligence_platform, classified under Server-Side Request Forgery (SSRF). CVSS score: 3.7/10. Published 2025-06-10.
How severe is CVE-2025-42988?
Low severity. CVSS v3 base score is 3.7 out of 10.