Research & Development
$ #

CVE-2025-23192

Stored Cross-Site Scripting in the BI Workspace module

8.2 (High)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

SAP BusinessObjects Business Intelligence Platform

ENTERPRISE 430, 2025, 2027

Artur Grochal

SAP BusinessObjects Business Intelligence Platform (BI Workspace) allows an attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable.

PoC: TBA

  • 17-12-2024 - Vulnerability reported to vendor
  • 10-06-2025 - Security advisory is published by the vendor