Cyber Resilience

CVE-2025-0064

Severity: High
Published: 11 February 2025
Modified: 23 October 2025
KEV added: not listed
Patch: available
CVSS v3.1 score: 8.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)
EPSS score: 0.0008 (22.7th percentile)
Risk priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-0064 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in the SAP BusinessObjects Business Intelligence Platform. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). The CVE is ranked at the 22.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-0064 is a vulnerability in the Central Management Console of the SAP BusinessObjects Business Intelligence platform. Under specific conditions, an attacker with administrative rights can generate or retrieve a secret passphrase, which enables them to impersonate any user in the system. This issue, linked to CWE-732 (Incorrect Permission Assignment for Critical Resource), carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N), reflecting high impacts on confidentiality and integrity with no availability disruption.

Exploitation requires an attacker to possess administrative privileges on the affected system, allowing network-based access with low complexity and no user interaction. Successful exploitation grants the ability to impersonate any user, potentially leading to unauthorized access to sensitive data and manipulation of system configurations or reports.

SAP advisories, including security note 3525794 and details from the SAP Security Patch Day, provide guidance on mitigation, such as applying available patches to address the vulnerability in the Central Management Console.

Vulnerability details

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.

CWE(s)

CWE-732: Incorrect Permission Assignment for Critical Resource
Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

- T1078 Valid Accounts (tactic tag: Stealth)
  Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
- T1550 Use Alternate Authentication Material (tactic tag: Lateral Movement)
  Adversaries may use alternate authentication material, such as password hashes, Kerberos tickets, and application access tokens, in order to move laterally within an environment and bypass normal system access controls.
Why these techniques?

Admin access that allows retrieval of the secret passphrase directly enables impersonation through valid accounts (T1078) and the use of alternate authentication material (T1550).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-0508 (same product: SAP BusinessObjects Business Intelligence Platform)
- CVE-2026-0490 (same product: SAP BusinessObjects Business Intelligence Platform)
- CVE-2026-0485 (same product: SAP BusinessObjects Business Intelligence Platform)
- CVE-2025-0061 (same product: SAP BusinessObjects Business Intelligence Platform)
- CVE-2025-0066 (same vendor: SAP)
- CVE-2025-0063 (same vendor: SAP)
- CVE-2026-23687 (same vendor: SAP)
- CVE-2026-0509 (same vendor: SAP)
- CVE-2026-23689 (same vendor: SAP)
- CVE-2025-23193 (same vendor: SAP)

Affected Assets

Vendor: SAP
Product: BusinessObjects Business Intelligence Platform
Versions: 2025, 430

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

- SI-2 Flaw Remediation (prevent)
  Timely remediation through application of SAP patches directly fixes the flaw allowing admins to generate or retrieve the secret passphrase in the Central Management Console.
- AC-6 Least Privilege (prevent)
  Enforcement of least privilege limits the administrative accounts that could exploit the vulnerability, which requires high privileges (PR:H) to impersonate users.
- AC-3 Access Enforcement (prevent)
  Requires the system to enforce approved access authorizations, addressing the incorrect permission assignment (CWE-732) to the critical secret passphrase resource.