CVE-2025-0061

CVE Database · CVE-2025-0061

CVE-2025-0061

· HIGHAnalyzed

CVSS v3.1

8.7

EPSS

0.49%

Published

Jan 13, 2025

Modified

Oct 24, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Weaknesses (CWE)

CWE-497

Affected Products (3)

sap · businessobjects_business_intelligence_platformvulnerable

References (2)

https://me.sap.com/notes/3474398

Permissions Required

https://url.sap/sapsecuritypatchday

Patch

KEV Catalog EPSS Scores Vendors All CVEs