SAP
CVE-2025-23185
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impact on the integrity and availability of the application.
AnalysisAI
Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. [CVSS 4.1 MEDIUM]
Technical ContextAI
Classified as CWE-209 (Error Message Information Leak). Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impact on the integrity and availability of the application.
Affected ProductsAI
Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today