{"uuid": "4239b11f-66cd-4395-a374-c676a3c91a2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30009", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16134", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30009\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim\ufffds browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim\ufffds browser, with no effect on availability of the application\n\ud83d\udccf Published: 2025-05-13T00:12:52.634Z\n\ud83d\udccf Modified: 2025-05-13T14:06:31.756Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3578900\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-05-13T14:30:57.000000Z"}