EUVD-2025-17607
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
Lifecycle Timeline
4Description
SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.
Analysis
Stored Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects BI Workspace that allows unauthenticated attackers to inject and persist malicious JavaScript code within workspaces. When authenticated users access compromised workspaces, the malicious script executes in their browser context, potentially exposing sensitive session tokens, cookies, and user data. The vulnerability has a CVSS score of 8.2 (High) with significant confidentiality impact; while KEV/EPSS data and active exploitation status are not provided in available intelligence, the attack requires user interaction and authentication context, moderating real-world severity despite the high CVSS rating.
Technical Context
This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation - 'Cross-site Scripting'), a fundamental web application flaw where user-supplied input is not properly sanitized or escaped before being rendered in HTML/JavaScript context. SAP BusinessObjects BI Workspace, a business intelligence and analytics platform, fails to adequately validate and neutralize malicious script payloads when users create or modify workspace objects. The stored nature of this XSS means the malicious payload persists in the backend database and executes for every subsequent user accessing the affected workspace, making it a persistent threat vector. The vulnerability likely exists in workspace creation/editing endpoints, dashboard components, or report configuration interfaces where user input flows directly into DOM without proper Content Security Policy (CSP) enforcement or output encoding.
Affected Products
SAP BusinessObjects Business Intelligence (BI Workspace) - specific versions not explicitly provided in CVE description. Likely affected versions include BusinessObjects BI 4.x product line, including BI Suite Standard Edition and Enterprise Edition. Typical CPE string pattern would be: cpe:2.3:a:sap:businessobjects_business_intelligence:*:*:*:*:*:*:*:*. Organizations should consult SAP's official security advisory for the exact affected version ranges and build numbers. SAP typically releases patches through their Solution Manager or Support Portal; check SAP Security Patch Day announcements (usually monthly) for CVE-2025-23192 remediation guidance.
Remediation
1) IMMEDIATE: Isolate or restrict access to BI Workspace instances until patches are applied. Review recent workspace creation/modification logs to identify potentially malicious payloads. 2) PATCH: Apply SAP's official security patch for BusinessObjects BI Workspace addressing CVE-2025-23192 (patch details and version numbers available via SAP Security Patch Day advisories or direct vendor notification). 3) WORKAROUNDS (if patching is delayed): Implement Web Application Firewall (WAF) rules blocking common XSS payloads in workspace endpoints; deploy strict Content Security Policy headers to limit script execution scope; restrict workspace editing permissions to trusted administrators only; audit and sanitize existing workspace definitions for suspicious JavaScript. 4) POST-REMEDIATION: Enforce input validation and output encoding standards in custom BI extensions; implement automated security scanning for XSS in workspace configuration; conduct user awareness training on not executing workspace code from untrusted sources. Contact SAP Support directly for patch download links and deployment guidance specific to your environment.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today