CVE-2025-30010 MEDIUM

CVE-2025-30010: Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

Vendor Sap_Se
Product SAP Supplier Relationship Management (Live Auction Cockpit)
Weakness CWE-601 · Open redirect
Published May 13, 2025
Last update May 13, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on confidentiality and integrity with no impact on the availability of the application.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated