Vulnerability Details CVE-2025-30010
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on confidentiality and integrity with no impact on the availability of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.7%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2025-30010
-
cpe:2.3:a:sap:supplier_relationship_management:7.14