CVE-2025-30018
Severity: HIGH | WAF: High
CVSS 7.5
Published: 2025-05-13
CWE-611
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which, when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on the integrity or availability of the application.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sap | supplier_relationship_management | 7.14 |
References
- me.sap.com (Permissions Required)
- url.sap (Not Applicable)