Skip to main content

CVE-2025-31326: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page in SAP_SE SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

Medium
VulnerabilityCVE-2025-31326cvecve-2025-31326cwe-80
Published: Tue Jul 08 2025 (07/08/2025, 00:34:21 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

Description

SAP�BusinessObjects Business�Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected.

AI-Powered Analysis

AILast updated: 07/08/2025, 00:58:27 UTC

Technical Analysis

CVE-2025-31326 is a medium-severity vulnerability affecting SAP BusinessObjects Business Intelligence Platform (Web Intelligence), specifically versions ENTERPRISE 430, 2025, 2027, and ENTERPRISECLIENTTOOLS 430. The vulnerability is classified under CWE-80, which pertains to improper neutralization of script-related HTML tags in a web page, commonly known as HTML Injection. This vulnerability allows an attacker with basic user privileges to inject malicious HTML or script code into certain input fields within the Web Intelligence platform. Exploiting this flaw can lead to unintended redirects or manipulation of the application’s behavior, such as redirecting legitimate users to attacker-controlled domains. The vulnerability primarily impacts the integrity of the system by enabling unauthorized modification of the application's behavior. However, it does not affect the confidentiality or availability of the system. The CVSS v3.1 base score is 4.1, indicating a medium severity level, with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N. This means the attack can be launched remotely over the network with low attack complexity, requires low privileges (basic user), and user interaction is needed. The scope is changed (S:C), indicating the vulnerability affects resources beyond the security scope of the vulnerable component. No known exploits are currently reported in the wild, and no official patches or mitigation links are provided yet. The vulnerability arises due to insufficient sanitization or neutralization of HTML tags in user-controllable input fields, allowing injection of malicious code that can alter the normal behavior of the web application.

Potential Impact

For European organizations using SAP BusinessObjects Business Intelligence Platform, this vulnerability poses a risk primarily to the integrity of their business intelligence data and application workflows. Attackers with basic user access could inject malicious HTML to manipulate reports or dashboards, potentially misleading users or redirecting them to phishing sites. While confidentiality and availability are not directly impacted, the integrity compromise could lead to erroneous business decisions based on manipulated data or loss of trust in the BI platform. This could be particularly damaging for sectors relying heavily on accurate BI data, such as finance, manufacturing, and public administration. Additionally, the redirection to attacker-controlled domains could facilitate further phishing or social engineering attacks targeting European employees. Given the widespread use of SAP products in Europe, especially in large enterprises and government entities, the vulnerability could be leveraged for targeted attacks aiming to disrupt business intelligence operations or conduct reconnaissance. The requirement for user interaction and low privilege reduces the likelihood of large-scale automated exploitation but does not eliminate risk in environments where many users have basic access.

Mitigation Recommendations

1. Implement strict input validation and output encoding on all user-controllable fields within the SAP BusinessObjects Web Intelligence platform to neutralize any HTML or script tags. 2. Apply the principle of least privilege by restricting user permissions to only those necessary for their roles, minimizing the number of users with access to vulnerable input fields. 3. Monitor and audit user inputs and report generation activities to detect any anomalous or suspicious behavior indicative of injection attempts. 4. Employ web application firewalls (WAF) with custom rules to detect and block HTML injection payloads targeting the BI platform. 5. Educate users about the risks of interacting with unexpected redirects or suspicious links within the BI reports. 6. Stay updated with SAP security advisories and apply patches or updates as soon as they become available. 7. Consider isolating the BI platform network segment and enforcing strict network segmentation to limit exposure. 8. Conduct regular security assessments and penetration testing focusing on input validation and injection vulnerabilities within the BI environment.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
sap
Date Reserved
2025-03-27T23:02:06.906Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 686c68cb6f40f0eb72eec619

Added to database: 7/8/2025, 12:39:39 AM

Last enriched: 7/8/2025, 12:58:27 AM

Last updated: 8/15/2025, 6:12:18 PM

Views: 9

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats