How severe is CVE-2025-30012?

This vulnerability has a severity rating of LOW with a CVSS score of 3.9 out of 10.

What type of vulnerability is CVE-2025-30012?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2025-30012 - LOW Severity | CVSS 3.9

Vulnerability Description

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format. On successful exploitation, an authenticated attacker with high privileges could send malicious payload request and receive an outbound DNS request, resulting in deserialization of data in the application. This vulnerability has low impact on confidentiality, integrity and availability of the application.

Related Vulnerabilities

CVE-2024-34274

LOW

CVSS:3.9(Low)

OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbi...

CWE-5022024

CVE-2023-26592

LOW

CVSS:3.8(Low)

Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access.

CWE-5022023

CVE-2020-2756

LOW

CVSS:3.7(Low)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u...

CWE-5022020

CVE-2020-2757

LOW

CVSS:3.7(Low)

CWE-5022020

CVE-2024-21217

LOW

CVSS:3.7(Low)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Jav...

CWE-5022024

CVE-2023-30534

MEDIUM

CVSS:4.3(Medium)

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’...

CWE-5022023