
CVE-2025-30010: CWE-601: URL Redirection to Untrusted Site in SAP_SE SAP Supplier Relationship Management (Live Auction Cockpit)

Severity: Medium
Tags: Vulnerability, CVE-2025-30010, CWE-601
Published: Tue May 13 2025 (05/13/2025, 00:13:04 UTC)
Source: CVE
Vendor/Project: SAP_SE
Product: SAP Supplier Relationship Management (Live Auction Cockpit)

Description

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on confidentiality and integrity with no impact on the availability of the application.

AI-Powered Analysis

Last updated: 07/12/2025, 01:34:09 UTC

Technical Analysis

CVE-2025-30010 is a medium-severity vulnerability identified in the Live Auction Cockpit component of SAP Supplier Relationship Management (SRM) version 7.14. This vulnerability is categorized as CWE-601, which corresponds to an open redirect or URL redirection to an untrusted site. The root cause lies in the use of a deprecated Java applet component within the affected SRM packages. An unauthenticated attacker can exploit this flaw by crafting a malicious URL that, when clicked by a victim, causes the victim's browser to be redirected to a malicious external website. This redirection can be leveraged in phishing campaigns or social engineering attacks to trick users into divulging sensitive information or downloading malware. The vulnerability requires no authentication but does require user interaction (clicking the malicious link). The CVSS v3.1 base score is 6.1, reflecting a medium severity level, with an attack vector of network (remote), low attack complexity, no privileges required, user interaction required, and a scope change. The impact affects confidentiality and integrity to a low degree, with no impact on availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability’s exploitation scope is limited to users who interact with the malicious link, and the affected system is specifically SAP SRM Live Auction Cockpit 7.14, a specialized enterprise resource planning (ERP) module used for supplier relationship management and auction processes.

Potential Impact

For European organizations using SAP SRM 7.14 with the Live Auction Cockpit component, this vulnerability poses a risk primarily through social engineering and phishing attacks. Attackers can redirect users to malicious websites designed to harvest credentials, deliver malware, or conduct further attacks. Although the direct impact on confidentiality and integrity is low, successful exploitation could lead to credential compromise or unauthorized access to sensitive procurement or supplier data. The lack of availability impact means business operations are unlikely to be disrupted directly by this vulnerability. However, the reputational damage and potential regulatory consequences under GDPR for data breaches stemming from phishing or malware infections initiated via this redirect could be significant. Organizations in sectors with high supplier interaction, such as manufacturing, automotive, pharmaceuticals, and public sector entities, may be more exposed due to their reliance on SRM systems. The requirement for user interaction means that user awareness and training remain critical factors in mitigating risk.

Mitigation Recommendations

1. Immediate mitigation should include disabling or restricting access to the Live Auction Cockpit component if it is not essential for business operations, especially until a patch is available.
2. Implement strict URL validation and filtering on the SRM platform to prevent untrusted redirects.
3. Deploy web security gateways or secure web proxies that can detect and block known malicious URLs and suspicious redirect patterns.
4. Enhance user training programs to raise awareness about phishing and suspicious links, emphasizing caution when clicking links in emails or messages related to procurement or supplier communications.
5. Monitor logs for unusual redirect activity or access patterns in the SRM environment.
6. Engage with SAP support and subscribe to SAP security advisories to obtain patches or updates as soon as they are released.
7. Consider network segmentation to isolate SRM systems and limit exposure to external networks.
8. Employ multi-factor authentication (MFA) for accessing SRM systems to reduce the impact of credential compromise resulting from phishing.
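One way to implement the allow-list redirect validation of recommendation 2 and the log review of recommendation 5, as an added example that is not SAP's code and not part of this advisory. The allowed host, the `returnUrl` parameter name and the log lines are constructed placeholders; the check rejects the URL shapes (backslashes, protocol-relative URLs, non-http schemes, userinfo) that defeat naive prefix matching.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed placeholder: hosts a redirect may legitimately target (not a real SAP host).
ALLOWED_HOSTS = {"srm.example.com"}


def is_safe_redirect(target: str) -> bool:
    """Allow only same-origin paths or absolute URLs to an allow-listed host.

    Normalises the shapes that defeat naive prefix checks before deciding:
    backslashes, protocol-relative URLs, non-http schemes and userinfo."""
    t = target.strip().replace("\\", "/")  # browsers treat "\" like "/"
    if not t or t.startswith("//"):         # empty, or protocol-relative (other host)
        return False
    parts = urlsplit(t)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False                         # javascript:, data:, ...
    if not parts.netloc:
        return t.startswith("/")             # relative path that stays on this origin
    # urlsplit drops userinfo, so "https://srm.example.com@other.example"
    # yields hostname "other.example" and fails the allow-list below.
    return (parts.hostname or "").lower() in ALLOWED_HOSTS


# Constructed sample access-log lines (not real SAP SRM output).
SAMPLE_LOG = """\
10.0.0.5 GET /srm/lac/login?returnUrl=%2Fauction%2F42 200
10.0.0.7 GET /srm/lac/login?returnUrl=https%3A%2F%2Fsrm.example.com%2Fhome 200
10.0.0.9 GET /srm/lac/login?returnUrl=%2F%5Cother.example 302
10.0.0.9 GET /srm/lac/login?returnUrl=https%3A%2F%2Fsrm.example.com%40other.example 302
"""


def find_suspicious_redirects(log_text: str, param: str = "returnUrl") -> list[str]:
    """Return the decoded redirect targets in the log that fail is_safe_redirect()."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"\S+\?(\S+)", line)  # query string of the request path
        if not m:
            continue
        for target in parse_qs(m.group(1)).get(param, []):
            if not is_safe_redirect(target):
                hits.append(target)
    return hits


if __name__ == "__main__":
    for t in find_suspicious_redirects(SAMPLE_LOG):
        print("suspicious redirect target:", t)
```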


Technical Details

Data Version: 5.1
Assigner Short Name: sap
Date Reserved: 2025-03-13T18:03:35.488Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9815c4522896dcbd6463

Added to database: 5/21/2025, 9:08:37 AM

Last enriched: 7/12/2025, 1:34:09 AM

Last updated: 8/6/2025, 1:41:01 PM