VDB
CVE-2025-42907
CVE-2025-42907
PUBLISHED
CVSS 4.300000190734863 MEDIUM
SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system.
EPSS 0.04% · 12.3th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.04%
12.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP BI Platform | ENTERPRISE 430, 2025, 2027 |
Exploit Intelligence
- https://me.sap.com/notes/3540622 (circl)
- https://url.sap/sapsecuritypatchday (circl)
- CVE-2025-42907.json (github-poc)
- CVE-2025-42907.json (github-poc)
- CVE-2025-42907.json (github-poc)
- CVE-2025-42907.json (github-poc)
- CVE-2025-42907.json (github-poc)
Timeline
- Sep 23, 2025 EPSS Score
- Sep 23, 2025 CVE Published
- Sep 30, 2025 EPSS Score
- Oct 4, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 7, 2025 EPSS Score
- Oct 14, 2025 EPSS Score
- Oct 14, 2025 CVE Updated
- Oct 20, 2025 EPSS Score
- Oct 26, 2025 Coalition ESS Score
- Oct 27, 2025 EPSS Score
- Nov 3, 2025 EPSS Score