Skip to main content

CVE-2025-23192: CWE-79: Improper Neutralization of Input During Web Page Generation in SAP_SE SAP BusinessObjects Business Intelligence (BI Workspace)

High
VulnerabilityCVE-2025-23192cvecve-2025-23192cwe-79
Published: Tue Jun 10 2025 (06/10/2025, 00:10:12 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAP BusinessObjects Business Intelligence (BI Workspace)

Description

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.

AI-Powered Analysis

AILast updated: 07/10/2025, 23:35:53 UTC

Technical Analysis

CVE-2025-23192 is a high-severity vulnerability classified under CWE-79, which pertains to improper neutralization of input during web page generation, commonly known as Cross-Site Scripting (XSS). This vulnerability affects SAP BusinessObjects Business Intelligence (BI Workspace), specifically versions ENTERPRISE 430, 2025, and 2027. The flaw allows an unauthenticated attacker to inject and store malicious scripts within a BI Workspace. When a legitimate user accesses the compromised workspace, the malicious script executes in their browser context. This execution can lead to unauthorized access to sensitive session information, such as authentication tokens or cookies, enabling attackers to hijack sessions or impersonate users. Additionally, the attacker could manipulate the browser environment, potentially making browser information unavailable or altering displayed data. The vulnerability impacts confidentiality significantly, with a lower but non-negligible impact on integrity and availability. The CVSS v3.1 score of 8.2 reflects a high severity, with an attack vector that is network-based, requiring low attack complexity, but necessitating some privileges and user interaction. The scope is changed, indicating that the vulnerability affects components beyond the initially vulnerable system. No known exploits are currently reported in the wild, and no patches have been linked yet, emphasizing the need for proactive mitigation. Given the nature of SAP BI Workspace as a business intelligence tool widely used in enterprise environments for data visualization and reporting, exploitation could lead to exposure of sensitive business data and session credentials, posing significant risks to organizational security and data privacy.

Potential Impact

For European organizations, the impact of this vulnerability is considerable. SAP BusinessObjects BI Workspace is extensively used across various sectors including finance, manufacturing, healthcare, and public administration in Europe. Exploitation could lead to unauthorized disclosure of sensitive business intelligence data, potentially violating GDPR and other data protection regulations. Confidentiality breaches may expose strategic business insights, customer data, or intellectual property, resulting in financial loss, reputational damage, and regulatory penalties. The ability to hijack sessions or manipulate browser information could facilitate further attacks such as privilege escalation or lateral movement within corporate networks. Although the integrity and availability impacts are lower, the compromise of confidentiality alone is critical given the sensitive nature of BI data. The requirement for some privileges and user interaction slightly reduces the attack likelihood but does not eliminate risk, especially in environments where multiple users access shared BI workspaces. The absence of known exploits currently provides a window for mitigation, but organizations must act swiftly to prevent potential exploitation as threat actors often develop exploits rapidly after public disclosure.

Mitigation Recommendations

To mitigate this vulnerability effectively, European organizations should: 1) Immediately review and restrict access permissions to SAP BI Workspace, ensuring that only trusted and necessary users have privileges to create or modify workspaces. 2) Implement strict input validation and output encoding on all user-generated content within BI Workspace to prevent script injection, if customization or internal development is possible. 3) Monitor and audit workspace content regularly for suspicious or unauthorized scripts or changes. 4) Apply SAP security advisories and patches promptly once released; in the interim, consider disabling or limiting features that allow storing user-generated scripts or content in BI Workspace. 5) Educate users about the risks of interacting with untrusted BI workspaces and encourage cautious behavior regarding links or content from unknown sources. 6) Employ web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting SAP BI Workspace URLs. 7) Leverage browser security features such as Content Security Policy (CSP) to restrict script execution contexts and reduce the impact of potential XSS attacks. 8) Integrate SAP BI Workspace monitoring into broader security information and event management (SIEM) systems to detect anomalous activities indicative of exploitation attempts.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
sap
Date Reserved
2025-01-13T11:13:59.547Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68487f531b0bd07c39389fb1

Added to database: 6/10/2025, 6:54:11 PM

Last enriched: 7/10/2025, 11:35:53 PM

Last updated: 8/7/2025, 6:44:27 AM

Views: 22

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats