Vulnerability Details CVE-2025-30009
he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim�s browser, with no effect on availability of the application
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.5%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2025-30009
-
cpe:2.3:a:sap:supplier_relationship_management:7.14