CVE-2025-30012

{"id": "CVE-2025-30012", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.5}]}, "published": "2025-05-13T01:15:47.833", "references": [{"url": "https://me.sap.com/notes/3578900", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format. On successful exploitation, an authenticated attacker with high privileges could send malicious payload request and receive an outbound DNS request, resulting in deserialization of data in the application. This vulnerability has low impact on confidentiality, integrity and availability of the application."}, {"lang": "es", "value": "Live Auction Cockpit de SAP Supplier Relationship Management (SRM) utiliza un componente de applet de Java obsoleto dentro de la pila SRM afectada para aceptar objetos binarios de Java en un formato de codificaci\u00f3n espec\u00edfico. Si se explota con \u00e9xito, un atacante autenticado con privilegios elevados podr\u00eda enviar una solicitud de payload malicioso y recibir una solicitud DNS saliente, lo que provocar\u00eda la deserializaci\u00f3n de los datos en la aplicaci\u00f3n. Esta vulnerabilidad tiene un impacto bajo en la confidencialidad, la integridad y la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2025-05-13T19:35:25.503", "sourceIdentifier": "cna@sap.com"}