

July 9, 2025
Severity
Medium
Analysis Summary
CVE-2025-42962 CVSS:6.1
SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script is executed within the scope of the victim's browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.
CVE-2025-42961 CVSS:4.9
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected.
CVE-2025-42960 CVSS:4.3
SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries. It has no impact on the confidentiality and availability of the application.
CVE-2025-42954 CVSS:2.7
SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing RFC-enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This has a low impact on the availability of the application; there is no impact on confidentiality or integrity.
CVE-2025-31326 CVSS:4.1
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected.
Impact
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
CVE-2025-42962
CVE-2025-42961
CVE-2025-42960
CVE-2025-42954
CVE-2025-31326
Affected Vendors
Affected Products
- SAP NetWeaver Application Server ABAP
- SAP BusinessObjects Business Intelligence platform
- SAP Business Warehouse
- SAP BW/4HANA
- SAP NetWeaver Business Warehouse CCAW application
Remediation
Refer to the SAP website for patch, upgrade, or suggested workaround information. (Login Required)