CVE-2025-30009 – SAP SRM Live Auction Cockpit Java Applet Remote Code Execution Vulnerability

May 13, 2025

CVE ID : CVE-2025-30009

Published : May 13, 2025, 1:15 a.m. | 1 hour, 49 minutes ago

Description : he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim�s browser, with no effect on availability of the application

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-30010 – SAP SRM Java Applet Cross-Site Scripting (XSS)

Next Article CVE-2025-26662 – Apache Data Services Management Console Cross-Site Scripting Vulnerability

Highlights

CVE-2025-6475 – “SourceCodester Student Result Management System Cross Site Scripting Vulnerability”

June 22, 2025

CVE ID : CVE-2025-6475

Published : June 22, 2025, 12:15 p.m. | 1 hour, 28 minutes ago

Description : A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/manage_students of the component Manage Students Module. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

The top 4 Bluetooth speakers I’m taking everywhere this summer (including a surprise pick)

Your Android phone is getting a big security upgrade for free – here’s what’s new

How a 5-minute circuit scan saved me hundreds (and exposed a serious wiring surprise)

Using AI saves teachers ‘six weeks per year,’ Gallup poll finds – but at what cost?

billboard.js 3.16.0 release: ✨ bar trending line & improved resizing performance!

billboard.js 3.16.0 release: ✨ bar trending line & improved resizing performance!

ISO 20022 – End of MT Coexistence for Cash Instructions Fast Approaching

Building Trust and Shaping the Future: Implementing Responsible AI – Part 2

Windows 11 KB5060826 fixes slow Search, direct download links

Windows 11 KB5060826 fixes slow Search, direct download links

Rilasciata Tails 6.17: Più Privacy e Sicurezza con le Nuove Funzionalità

Rilasciata Deepin 25: La distribuzione GNU/Linux immutabile con assistente vocale e pacchetti universali

CVE-2025-30009 – SAP SRM Live Auction Cockpit Java Applet Remote Code Execution Vulnerability

Citrix Bleed 2 flaw now believed to be exploited in attacks

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

str0m is a Sans I/O WebRTC implementation

CVE-2025-5387 – JeeWMS File Handler Improper Access Controls Remote Vulnerability

CVE-2025-5868 – RT-Thread Array Index Validation Vulnerability

ConnectWise customers get mysterious warning about ‘sophisticated’ nation-state hack

CVE-2025-6475 – “SourceCodester Student Result Management System Cross Site Scripting Vulnerability”

Europol Issues Public Alert: ‘We Will Never Call You’ as Phone and App Scams Surge

Mobile security: flaw allows hackers to read texts and listen to calls

Microsoft’s New CLI Text Editor Works Great on Ubuntu

CVE-2025-30009 – SAP SRM Live Auction Cockpit Java Applet Remote Code Execution Vulnerability

Related Posts