Java Applet Vulnerability in SAP Supplier Relationship Management
CVE-2025-30010

6.1 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 13 May 2025

What is CVE-2025-30010?

The Live Auction Cockpit in SAP Supplier Relationship Management uses a deprecated Java applet component, which presents a security risk. The flaw allows unauthenticated attackers to craft malicious links that, when clicked by a user, redirect the user's browser to a harmful website. Successful exploitation can compromise the confidentiality and integrity of data, while the availability of the application remains unaffected. Addressing this vulnerability is essential to the security of the SRM environment.

Affected Version(s)

SAP Supplier Relationship Management (Live Auction Cockpit) SRM_SERVER 7.14

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published