CVE-2025-30009

6.1 MEDIUM

📋 TL;DR

This vulnerability in SAP SRM's Live Auction Cockpit allows unauthenticated attackers to execute malicious scripts in victims' browsers via a deprecated Java applet component. It affects organizations using the vulnerable SAP SRM packages, potentially enabling cross-site scripting attacks against users accessing the auction interface.

💻 Affected Systems

Products:
  • SAP Supplier Relationship Management (SRM)
Versions: Specific versions mentioned in SAP Note 3578900
Operating Systems: Any OS running affected SAP SRM
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Java applet support in browsers, which modern browsers typically block by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, or redirect users to malicious sites, compromising user accounts and sensitive auction data.

🟠 Likely Case

Attackers inject malicious scripts to steal session tokens or user credentials, leading to unauthorized access to auction functionality and potential data theft.

🟢 If Mitigated

With proper browser security controls and network segmentation, impact is limited to isolated browser sessions without affecting backend systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires tricking users into accessing malicious content via the vulnerable component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version specified in SAP Note 3578900

Vendor Advisory: https://me.sap.com/notes/3578900

Restart Required: Yes

Instructions:

1. Apply SAP Security Note 3578900.
2. Restart affected SAP systems.
3. Verify Java applet components are removed from Live Auction Cockpit.

🔧 Temporary Workarounds

Disable Java Applets in Browsers

Configure browsers to block Java applet execution globally.

Network Segmentation

Restrict access to SAP SRM Live Auction Cockpit to trusted networks only.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious script injection patterns.
  • Disable or restrict access to the Live Auction Cockpit component entirely.

🔍 How to Verify

Check if Vulnerable:

Check whether your SAP SRM version is among the affected versions listed in SAP Note 3578900 and whether the Live Auction Cockpit still uses Java applets.

Check Version:

Use SAP transaction SPAM to check applied notes or system version.

Verify Fix Applied:

Verify SAP Note 3578900 is applied and Java applet components are no longer present in Live Auction Cockpit.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Java applet load attempts in SAP logs
  • Multiple failed authentication attempts from single IPs

Network Indicators:

  • HTTP requests to Java applet resources in Live Auction Cockpit
  • Unexpected script injection patterns

SIEM Query:

Search for 'Live Auction Cockpit' AND 'java applet' in web access logs with suspicious parameters.
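The SIEM query above, as an added example that is not part of the original page: a Python scan over constructed access-log lines that flags requests for Live Auction Cockpit applet resources and URL-decoded query strings carrying script-injection patterns. The /sap/srm/lac/ prefix, the log lines and the pattern lists are assumptions, not values from the advisory.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in Common Log Format (not real SAP logs).
# "/sap/srm/lac/" stands in for the Live Auction Cockpit URL prefix; the
# real prefix is installation-specific (assumption).
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2025:10:00:01 +0000] "GET /sap/srm/lac/index.html HTTP/1.1" 200 5120
10.0.0.7 - - [01/May/2025:10:00:02 +0000] "GET /sap/srm/lac/applet/lac.jar HTTP/1.1" 200 812345
10.0.0.9 - - [01/May/2025:10:00:03 +0000] "GET /sap/srm/lac/index.html?auction=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120
10.0.0.9 - - [01/May/2025:10:00:04 +0000] "GET /sap/srm/lac/index.html?back=javascript%3Aalert(1) HTTP/1.1" 200 5120
10.0.0.3 - - [01/May/2025:10:00:05 +0000] "GET /sap/bc/ping HTTP/1.1" 200 12
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Requests for the deprecated applet component's jar/class/jnlp files.
APPLET_RESOURCE = re.compile(r'\.(jar|class|jnlp)$|/applet/', re.IGNORECASE)
# Coarse script-injection patterns, matched against the URL-decoded query.
SCRIPT_INJECTION = re.compile(r'<\s*script|javascript:|on\w+\s*=', re.IGNORECASE)


def scan_access_log(text, lac_prefix="/sap/srm/lac/"):
    """Return one finding per suspicious request under the LAC prefix."""
    findings = []
    for line in text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        ip, _method, url, _status = m.groups()
        parts = urlsplit(url)
        if not parts.path.startswith(lac_prefix):
            continue  # only the Live Auction Cockpit is in scope
        query = unquote_plus(parts.query)  # decode %3C, %3A, + before matching
        if APPLET_RESOURCE.search(parts.path):
            findings.append({"ip": ip, "path": parts.path, "reason": "applet_resource"})
        elif SCRIPT_INJECTION.search(query):
            findings.append({"ip": ip, "path": parts.path,
                             "reason": "script_injection", "query": query})
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Decoding the query before matching matters: an encoded `%3Cscript%3E` would otherwise slip past a literal `<script` search.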
