Java Applet Vulnerability in SAP Supplier Relationship Management
CVE-2025-30009

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Supplier Relationship Management (live Auction Cockpit)
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-30009?

The Live Auction Cockpit within SAP Supplier Relationship Management (SRM) utilizes a deprecated Java applet component. This design flaw permits unauthenticated attackers to inject malicious scripts into the victim's browser, potentially compromising their browser's security. While the direct impacts on confidentiality and integrity are limited to the user’s browser session, it raises significant concerns about securing web applications that still rely on outdated components.

Affected Version(s)

SAP Supplier Relationship Management (Live Auction Cockpit) SRM_SERVER 7.14

References

https://me.sap.com/notes/3578900

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025