THREATINT
PUBLISHED

CVE-2025-42965

Server Side Request Forgery (SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application



Description

SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitation may lead to information disclosure. This vulnerability does not impact the integrity or availability of the application.

Reserved 2025-04-16 | Published 2025-07-08 | Updated 2025-07-08 | Assigner sap


MEDIUM: 4.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Problem types

CWE-918: Server-Side Request Forgery

Product status

Default status: unaffected

ENTERPRISE 430: affected
2025: affected
2027: affected

References

me.sap.com/notes/3598118

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42965)

nvd.nist.gov (CVE-2025-42965)
