CVE-2025-30012

Published May 13, 2025

Last updated 2 months ago

Overview

Description
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM stack to accept binary Java objects in a specific encoding format. On successful exploitation, an authenticated attacker with high privileges could send a malicious payload request and receive an outbound DNS request, resulting in deserialization of data in the application. This vulnerability has low impact on confidentiality, integrity and availability of the application.
Source
cna@sap.com
NVD status
Awaiting Analysis
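The description says the component accepts binary Java objects and that a successful probe produces an outbound DNS request. That behaviour is consistent with a serialized-object payload that carries a java.net.URL inside a hash-keyed container: when the container is rehydrated it rehashes its keys, URL.hashCode resolves the hostname, and the attacker observes the lookup (the pattern commonly called URLDNS). The Python below is an added example, not SAP code and not a proof of concept against SRM: it triages HTTP request bodies for Java serialization streams, lists the class descriptors they introduce and flags the ones a SOC would alert on. The sample bodies are constructed inline, and the watchlist, helper names and record layout are the example's own assumptions.

```python
"""Triage of HTTP request bodies for Java serialization streams.

Example code added to this page; not SAP code and not a proof of concept
against SAP SRM. It assumes the endpoint receives raw Java object
streams (magic 0xACED, version 0x0005). The sample bodies, the watchlist
and every name below are the example's own constructions.
"""
import re
import struct

JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
TC_OBJECT = 0x73
TC_CLASSDESC = 0x72

# Classes worth alerting on when they arrive from outside. java.net.URL
# inside a hash-keyed container is the classic DNS-callback probe: the
# container rehashes its keys on deserialization, URL.hashCode resolves
# the host, and the attacker sees the lookup. The rest are well-known
# gadget-chain entry points (assumed watchlist, extend to taste).
WATCHLIST = {
    "java.net.URL": "DNS-callback probe (URLDNS pattern)",
    "java.util.HashMap": "hash-triggering container, probe carrier",
    "javax.management.BadAttributeValueExpException": "toString gadget entry",
    "org.apache.commons.collections.functors.InvokerTransformer": "CommonsCollections gadget",
}

_CLASS_NAME = re.compile(rb"[A-Za-z_$][A-Za-z0-9_$.]*")


def is_java_serialized(body):
    """True when the body starts with the Java serialization header."""
    return body.startswith(JAVA_SER_MAGIC)


def extract_class_names(body):
    """Collect class names introduced by TC_CLASSDESC records.

    Heuristic walk, not a full parser of the Object Serialization Stream
    Protocol: each 0x72 byte is tried as a TC_CLASSDESC marker and the
    following length-prefixed string is accepted only if it looks like a
    fully qualified Java class name.
    """
    names = []
    i = body.find(bytes([TC_CLASSDESC]), len(JAVA_SER_MAGIC))
    while i != -1 and i + 3 <= len(body):
        (length,) = struct.unpack(">H", body[i + 1:i + 3])
        candidate = body[i + 3:i + 3 + length]
        if 0 < length == len(candidate) and _CLASS_NAME.fullmatch(candidate):
            names.append(candidate.decode("ascii"))
            i = body.find(bytes([TC_CLASSDESC]), i + 3 + length)
        else:
            i = body.find(bytes([TC_CLASSDESC]), i + 1)
    return names


def triage(body):
    """Verdict for one request body: is it a Java object stream, which
    classes does it declare, and which of those are on the watchlist."""
    if not is_java_serialized(body):
        return {"serialized": False, "classes": [], "hits": {}}
    classes = extract_class_names(body)
    hits = {c: WATCHLIST[c] for c in classes if c in WATCHLIST}
    return {"serialized": True, "classes": classes, "hits": hits}


def _class_record(name):
    """Constructed TC_OBJECT + TC_CLASSDESC prefix for one class: name,
    a zero serialVersionUID, SC_SERIALIZABLE flag and zero fields. Enough
    for the scanner; a real stream would carry the field descriptors."""
    encoded = name.encode("ascii")
    return (bytes([TC_OBJECT, TC_CLASSDESC]) + struct.pack(">H", len(encoded))
            + encoded + b"\x00" * 8 + b"\x02\x00\x00")


# Constructed sample bodies (not captured traffic).
SAMPLE_PROBE = (JAVA_SER_MAGIC + _class_record("java.util.HashMap")
                + _class_record("java.net.URL") + b"\x00" * 4)
SAMPLE_APP_OBJECT = JAVA_SER_MAGIC + _class_record("com.example.Bid")
SAMPLE_JSON = b'{"auction":"A123","bid":100}'

if __name__ == "__main__":
    for label, body in (("probe", SAMPLE_PROBE), ("app", SAMPLE_APP_OBJECT),
                        ("json", SAMPLE_JSON)):
        print(label, triage(body))
```

Run it on captured bodies from a WAF or proxy log; a serialized stream that declares java.net.URL or any gadget entry point on an endpoint that should only carry application objects is the thing to page on. The long-term fix on the server side is the usual CWE-502 one: refuse serialized input altogether, or at minimum install a deserialization allow-list filter so that classes outside the application's own types are rejected before their readObject runs.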

Risk scores

CVSS 3.1

Type
Primary
Base score
3.9
Impact score
3.4
Exploitability score
0.5
Vector string
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Severity
LOW

Note: the score and vector above are the original May 2025 assessment (adjacent network, high attack complexity, high privileges, low C/I/A impact). The July 2025 posts under Social media below report CVE-2025-30012 as CVSS 10.0 (Critical), with unauthenticated payload delivery and OS command execution as the SAP administrator, which contradicts the description and rating recorded here; check the current SAP security note before treating this issue as LOW.

Weaknesses

cna@sap.com
CWE-502

Social media

Hype score
Not currently trending
  1. ⚠️Vulnerabilities fixed in SAP products ❗CVE-2025-30012 ❗CVE-2025-42967 ❗CVE-2025-42980 ➡️More info: https://t.co/PQZIGbm0rD https://t.co/l51C486X1j

    @CERTpy, 9 Jul 2025. 99 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  2. SAP Patches Critical Flaws That Could Allow Remote Code Execution SAP's July 2025 Security Patch Day includes 27 new and four updated security notes, with six critical flaws addressed. The most severe, CVE-2025-30012 (CVSS 10), affects SRM’s Live Auction Cockpit, allowing http

    @dCypherIO, 9 Jul 2025. 21 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  3. SAP releases 27 security notes with 6 critical fixes, including CVE-2025-30012 rated 10 for SRM. Vulnerabilities in S/4HANA & NetWeaver could allow full system control. Stay updated! 🔒 #SAPSecurity #Vulnerability #Germany https://t.co/x4eO5bjIm2

    @TweetThreatNews, 8 Jul 2025. 8 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  4. 🟥 CVE-2025-30012, CVSS: 10.0 (#Critical) #SAP Supplier Relationship Management (SRM) #Vulnerability allows unauthenticated attackers to send malicious payloads, leading to execution of arbitrary OS commands as SAP Administrator. #CyberSecurity #CVE https://t.co/BEKs4JDJnn

    @UjlakiMarci, 7 Jul 2025. 6 impressions, 0 retweets, 0 likes, 0 bookmarks, 1 reply, 0 quotes.

  5. CVE-2025-30012 Java Deserialization Vulnerability in SAP SRM Live Auction Cockpit Component https://t.co/QLcyu0Ge38

    @VulmonFeeds, 13 May 2025. 26 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  6. CVE-2025-30012 The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java obj… https://t.co/H9VGYXgIie

    @CVEnew, 13 May 2025. 562 impressions, 0 retweets, 1 like, 0 bookmarks, 0 replies, 0 quotes.

References

Sources include official advisories and independent security research.