Java Applet Vulnerability in SAP Supplier Relationship Management
CVE-2025-30009
6.1 MEDIUM
Key Information:
- Vendor: SAP
- CVE Published: 13 May 2025
What is CVE-2025-30009?
The Live Auction Cockpit within SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component. This design flaw permits unauthenticated attackers to inject malicious scripts into the victim's browser, potentially compromising the browser's security. While the direct impact on confidentiality and integrity is limited to the user's browser session, the issue raises significant concerns about securing web applications that still rely on outdated components.
Affected Version(s)
SAP Supplier Relationship Management (Live Auction Cockpit) SRM_SERVER 7.14