CVE-2025-31332

Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause service downtime hence leading to a high impact on integrity and availability. However, this vulnerability does not disclose any sensitive data.

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3565751	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:enterprise:*:*:*

History

24 Oct 2025, 18:08

Type	Values Removed	Values Added
CPE		cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430::::enterprise:::
References	~~() https://me.sap.com/notes/3565751 -~~	() https://me.sap.com/notes/3565751 - Permissions Required
References	~~() https://url.sap/sapsecuritypatchday -~~	() https://url.sap/sapsecuritypatchday - Vendor Advisory
First Time		Sap businessobjects Business Intelligence Platform Sap

08 Apr 2025, 18:13

Type	Values Removed	Values Added
Summary		(es) Debido a la falta de seguridad en los permisos de archivo de SAP BusinessObjects Business Intelligence Platform, un atacante con acceso local al sistema podría modificar archivos, lo que podría interrumpir las operaciones o causar interrupciones del servicio, lo que afectaría gravemente la integridad y la disponibilidad. Sin embargo, esta vulnerabilidad no revela información confidencial.

08 Apr 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 08:15

Updated : 2025-10-24 18:08

NVD link : CVE-2025-31332

Mitre link : CVE-2025-31332

CVE.ORG link : CVE-2025-31332

JSON object : View

Products Affected

sap

businessobjects_business_intelligence_platform

CWE

CWE-277

Insecure Inherited Permissions

6.6 /10