CVE-2025-25245
📋 TL;DR
SAP BusinessObjects Web Intelligence contains an insecure deprecated endpoint vulnerable to cross-site scripting (XSS). Attackers can craft malicious URLs whose injected script executes in victims' browsers, potentially stealing session cookies or performing unauthorized actions. Organizations using affected SAP BusinessObjects versions are impacted.
💻 Affected Systems
- SAP BusinessObjects Business Intelligence Platform
- SAP BusinessObjects Web Intelligence
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attacker steals authenticated session cookies, gains unauthorized access to business intelligence data, and performs actions as the victim user within the application scope.
Likely Case
Attacker performs session hijacking or credential theft through malicious JavaScript execution in the victim's browser, leading to unauthorized data access.
If Mitigated
With proper input validation and output encoding, malicious payloads are neutralized before reaching users, preventing successful exploitation.
🎯 Exploit Status
Exploitation requires user interaction (clicking a malicious link) and authenticated access to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to SAP Security Patch Day updates and SAP Note 3557469
Vendor Advisory: https://me.sap.com/notes/3557469
Restart Required: Yes
Instructions:
1. Review SAP Note 3557469 for specific patch details.
2. Apply the security patch from SAP Support Portal.
3. Restart SAP BusinessObjects services.
4. Verify the deprecated endpoint is secured or removed.
🔧 Temporary Workarounds
Disable deprecated endpoint
Remove or restrict access to the vulnerable deprecated web endpoint
Configuration specific to SAP BusinessObjects; consult SAP documentation for endpoint management
Implement WAF rules
Configure web application firewall to block XSS payloads targeting the vulnerable endpoint
WAF-specific configuration for XSS filtering on SAP BusinessObjects paths
🧯 If You Can't Patch
- Implement strict input validation and output encoding for all user-supplied data in the application
- Use Content Security Policy (CSP) headers to restrict script execution sources
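The two compensating controls listed above, shown together as an added example that is not SAP code and not part of this advisory. It models a handler that reflects a user-supplied return URL into a page: the URL is validated against a scheme and origin allowlist, HTML-encoded at the point of output, and the response carries a nonce-based Content Security Policy. The function names and the APP_ORIGIN value are assumptions for illustration.

```python
"""
Added example for the "If You Can't Patch" guidance; not SAP code and not part of
the advisory. Input validation + output encoding + CSP for a reflected return URL.
"""
import html
from typing import Optional
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
# ASSUMPTION: the application's own origin; only links back to it are accepted.
APP_ORIGIN = "https://bi.example.internal"


def validate_return_url(raw: str) -> Optional[str]:
    """Return an absolute URL on APP_ORIGIN, or None if the input is unsafe.

    Rejects control characters, protocol-relative (//host) URLs, non-http(s)
    schemes such as javascript: or data:, and any other host (including
    userinfo tricks like https://bi.example.internal@evil.example/).
    """
    candidate = raw.strip()
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return None
    if candidate.startswith("//"):
        return None
    # Resolve relative paths against our own origin; absolute URLs pass through unchanged.
    absolute = urljoin(APP_ORIGIN + "/", candidate)
    parsed = urlparse(absolute)
    if parsed.scheme not in ALLOWED_SCHEMES:  # urlparse lower-cases the scheme
        return None
    if f"{parsed.scheme}://{parsed.netloc}".lower() != APP_ORIGIN:
        return None
    return absolute


def render_link(raw: str) -> str:
    """Build the anchor for a return URL: fail closed, then encode for the attribute context."""
    url = validate_return_url(raw)
    if url is None:
        # Drop the untrusted value entirely rather than reflecting it back.
        return '<a href="/">Return to start page</a>'
    return f'<a href="{html.escape(url, quote=True)}">Continue</a>'


def security_headers(nonce: str) -> dict:
    """Headers restricting script execution to same-origin files and nonce-tagged inline scripts."""
    csp = (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'; frame-ancestors 'self'"
    )
    return {"Content-Security-Policy": csp, "X-Content-Type-Options": "nosniff"}


if __name__ == "__main__":
    for sample in ("/BOE/report/1", "javascript:void(0)", '"><script>'):
        print(repr(sample), "->", render_link(sample))
    print(security_headers("constructed-nonce"))
```

Validation and encoding are deliberately separate steps: validation decides whether the value is acceptable at all, while `html.escape` with `quote=True` guarantees that whatever is emitted cannot break out of the `href` attribute even if a validation gap is later found. The CSP nonce must be generated per response (for example from `secrets.token_urlsafe`) and attached to every legitimate inline script.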
🔍 How to Verify
Check if Vulnerable:
Check if the deprecated endpoint is accessible and test for XSS vulnerabilities using security testing tools
Check Version:
Check SAP BusinessObjects version through Central Management Console or via command: java -version (for Java components)
Verify Fix Applied:
Verify the patch is applied by checking version against SAP Note 3557469 and test that XSS payloads no longer execute
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to deprecated endpoints
- HTTP requests containing suspicious script tags or JavaScript payloads
Network Indicators:
- Traffic to known vulnerable endpoints with encoded payloads
- Unexpected redirects or script injections in responses
SIEM Query:
source="sap_businessobjects" AND (url="*vulnerable_endpoint*" AND (content="*script*" OR content="*javascript*"))
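The log and network indicators above, turned into a small detection script as an added example that is not SAP code and not part of this advisory. It parses combined-format web-server access log lines, keeps only requests to a deprecated endpoint path, and flags query parameters whose values contain script markers after repeated percent-decoding, so that double-encoded payloads (which a single-pass `*script*` match would miss) are still caught. The endpoint path and every log line are constructed placeholders; take the real path from SAP Note 3557469.

```python
"""
Added example for the Detection & Monitoring guidance; not SAP code and not part
of the advisory. Scans access log lines for script payloads aimed at a deprecated
endpoint, decoding percent-encoding repeatedly. All paths and log lines are constructed.
"""
import re
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlparse

# ASSUMPTION: placeholder path. Take the real path(s) from SAP Note 3557469.
DEPRECATED_ENDPOINT_PATHS = ("/BOE/legacy/deprecated_endpoint",)

# Markers for script injection attempts, applied to the fully decoded parameter value.
SCRIPT_MARKERS = re.compile(
    r"<\s*/?\s*script\b|javascript\s*:|\bon[a-z]+\s*=|<\s*(svg|img|iframe)\b",
    re.IGNORECASE,
)

# Combined log format: client ident user [timestamp] "METHOD URL PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), defeating %25-style double encoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze_line(line: str) -> Optional[dict]:
    """Return a finding for a suspicious request to a deprecated endpoint, else None."""
    match = LOG_LINE.match(line)
    if not match:
        return None
    parsed = urlparse(match.group("url"))
    if not parsed.path.startswith(DEPRECATED_ENDPOINT_PATHS):
        return None
    # parse_qsl already decodes one layer; fully_decode peels any further layers.
    suspicious = [
        name
        for name, value in parse_qsl(parsed.query, keep_blank_values=True)
        if SCRIPT_MARKERS.search(fully_decode(value))
    ]
    if not suspicious:
        return None
    return {
        "client": match.group("client"),
        "timestamp": match.group("timestamp"),
        "path": parsed.path,
        "status": int(match.group("status")),
        "suspicious_params": suspicious,
    }


def scan_log(lines) -> list:
    """Run analyze_line over an iterable of log lines and collect the findings."""
    return [f for f in (analyze_line(line) for line in lines) if f]


# Constructed sample traffic: a benign portal hit, a script tag, a double-encoded
# script tag, a javascript: URL, and a benign relative return URL.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2025:10:00:01 +0000] "GET /BOE/portal/index.jsp HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Mar/2025:10:00:02 +0000] "GET /BOE/legacy/deprecated_endpoint?ret=%3Cscript%3E HTTP/1.1" 200 88',
    '10.0.0.9 - - [10/Mar/2025:10:00:03 +0000] "GET /BOE/legacy/deprecated_endpoint?ret=%253Cscript%253E HTTP/1.1" 200 88',
    '10.0.0.9 - - [10/Mar/2025:10:00:04 +0000] "GET /BOE/legacy/deprecated_endpoint?ret=javascript%3Avoid(0) HTTP/1.1" 200 88',
    '10.0.0.7 - - [10/Mar/2025:10:00:05 +0000] "GET /BOE/legacy/deprecated_endpoint?ret=/BOE/report/1 HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Feed it real access logs with `scan_log(open(path))` after replacing the placeholder path. Matching on the decoded value rather than the raw URL is the point of the example: the SIEM query above works on the literal substring `script`, which `%253Cscript%253E` or `%6Aavascript:` would slip past, so a decoding pass belongs either in this kind of pre-processor or in the SIEM's own normalization.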