← back
CVE-2025-43000

Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)

CVSS 7.9 HIGHEPSS 0.1%CWE-862
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.9EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Affected products
SAP_SE · SAP Business Objects Business Intelligence Platform (PMW)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3586013https://url.sap/sapsecuritypatchday