CVE-2025-30010
MEDIUM
SAP Supplier Relationship Management - Open Redirect
Title source: llm
Description
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages. This allows an unauthenticated attacker to craft a malicious link which, when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on the confidentiality and integrity of the application, with no impact on its availability.
References (2)
Permissions Required: https://me.sap.com/notes/3578900
Not Applicable: https://url.sap/sapsecuritypatchday
Scores
CVSS v3: 6.1
EPSS: 0.0030
EPSS Percentile: 53.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-601
Status: published
Products (1): sap/supplier_relationship_management 7.14
Published: May 13, 2025
Tracked Since: Feb 18, 2026