CVE-2025-42907 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-42907 PUBLISHED CVSS 4.300000190734863 MEDIUM

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system.

EPSS 0.04% · 10.4th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.04%

10.4th percentile

Affected Products

Vendor	Product	Versions
SAP_SE	SAP BI Platform	ENTERPRISE 430, 2025, 2027

Timeline

Sep 23, 2025 EPSS Score
Sep 23, 2025 CVE Published
Sep 29, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 EPSS Score
Oct 6, 2025 Coalition ESS Score
Oct 12, 2025 EPSS Score
Oct 14, 2025 CVE Updated
Oct 18, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Oct 26, 2025 Coalition ESS Score
Oct 31, 2025 EPSS Score

References

Open in Interactive Console →