CVE-2025-23185— Information Disclosure in SAP Business Objects Business Intelligence Platform

CVSS 4.1 · Medium EPSS 0.10% · P28 Updated Mar 11, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-23185

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Information Disclosure in SAP Business Objects Business Intelligence Platform

Source: NVD (National Vulnerability Database)

Vulnerability Description

Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impact on the integrity and availability of the application.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过错误消息导致的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

SAP Business Objects Business Intelligence Platform 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SAP Business Objects Business Intelligence Platform是德国思爱普（SAP）公司的一套商业智能软件和企业绩效解决方案套件。该产品具有报告生成、分析和数据可视化等功能。 SAP Business Objects Business Intelligence Platform存在安全漏洞，该漏洞源于错误处理不当，可能导致信息泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SAP_SE	SAP Business Objects Business Intelligence Platform	ENTERPRISE 430	-

II. Public POCs for CVE-2025-23185

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-23185

请登录查看更多情报信息。

Same Patch Batch · SAP_SE · 2025-03-11 · 20 CVEs total

CVE-2025-27434	8.8 HIGH	Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)
CVE-2025-26661	8.8 HIGH	Missing Authorization check in SAP NetWeaver (ABAP Class Builder)
CVE-2025-26658	6.8 MEDIUM	Broken Authentication in SAP Business One (Service Layer)
CVE-2025-25242	6.1 MEDIUM	Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP
CVE-2025-26659	6.1 MEDIUM	Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applica
CVE-2025-25244	5.7 MEDIUM	Missing Authorization Check in SAP Business Warehouse (Process Chains)
CVE-2025-27431	5.4 MEDIUM	Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java
CVE-2025-25245	5.4 MEDIUM	Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Plat
CVE-2025-23194	5.3 MEDIUM	Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)
CVE-2025-0071	4.9 MEDIUM	Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Mana
CVE-2025-0062	4.7 MEDIUM	Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Plat
CVE-2025-26656	4.3 MEDIUM	Missing Authorization check in S/4HANA (Manage Purchasing Info Records)
CVE-2025-26660	4.3 MEDIUM	Broken Access Control in SAP Fiori apps (Posting Library)
CVE-2025-23188	4.3 MEDIUM	Missing Authorization check in SAP S/4HANA (RBD)
CVE-2025-27433	4.3 MEDIUM	Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
CVE-2025-27436	4.3 MEDIUM	Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
CVE-2025-27430	3.5 LOW	Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)
CVE-2025-26655	3.1 LOW	Missing Authorization check in SAP JIT(Outbound)
CVE-2025-27432	2.4 LOW	Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit)

IV. Related Vulnerabilities

Same product: SAP Business Objects Business Intelligence Platform

Same vendor: SAP_SE

Same weakness: CWE-209

V. Comments for CVE-2025-23185

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-23185— Information Disclosure in SAP Business Objects Business Intelligence Platform

I. Basic Information for CVE-2025-23185

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-23185

III. Intelligence Information for CVE-2025-23185

Same Patch Batch · SAP_SE · 2025-03-11 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-23185

Leave a comment