CVE-2025-0064
Last modified
CVE-2025-0064 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Businessobjects Business Intelligence Platform | 430 |
| Sap | Businessobjects Business Intelligence Platform | 2025 |
References
- https://me.sap.com/notes/3525794Permissions Required
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-0064?
How severe is CVE-2025-0064?
How do I fix CVE-2025-0064?
Are you affected by CVE-2025-0064?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST