Java Applet Vulnerability in SAP Supplier Relationship Management
CVE-2025-30009
6.1 MEDIUM
Key Information:
- Vendor: SAP
- CVE Published: 13 May 2025
What is CVE-2025-30009?
The Live Auction Cockpit within SAP Supplier Relationship Management (SRM) utilizes a deprecated Java applet component. This design flaw permits unauthenticated attackers to inject malicious scripts into the victim's browser, potentially compromising the browser's security. While the direct impacts on confidentiality and integrity are limited to the user’s browser session, the issue raises significant concerns about securing web applications that still rely on outdated components.
CVSS V3.1
- Score: 6.1
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published