{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T16:04:23.759","vulnerabilities":[{"cve":{"id":"CVE-2025-25245","sourceIdentifier":"cna@sap.com","published":"2025-03-11T01:15:35.080","lastModified":"2025-10-24T18:41:16.673","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability."},{"lang":"es","value":"SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contiene un endpoint de aplicación web obsoleto que no está protegido adecuadamente. Un atacante podría aprovechar esto inyectando una URL maliciosa en los datos que se devuelven al usuario. Si se explota con éxito, podría haber un impacto limitado en la confidencialidad e integridad dentro del alcance del navegador de la víctima. No hay impacto en la disponibilidad."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:enterprise:*:*:*","matchCriteriaId":"8354981E-4A5F-4E5E-AF3A-283D5922DF90"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2025:*:*:*:-:*:*:*","matchCriteriaId":"12840D95-CE8E-40FB-9B73-DEBF78384B30"}]}]}],"references":[{"url":"https://me.sap.com/notes/3557469","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Patch"]}]}}]}