SB2025051329 - Multiple vulnerabilities in SAP Supplier Relationship Management

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2025-30012)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Live Auction Cockpit. A remote attacker can gain unauthorized access to sensitive information.

2) Information disclosure (CVE-ID: CVE-2025-30011)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Live Auction Cockpit. A remote attacker can gain unauthorized access to sensitive information.

3) Information disclosure (CVE-ID: CVE-2025-30010)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Live Auction Cockpit. A remote attacker can gain unauthorized access to sensitive information.

4) Information disclosure (CVE-ID: CVE-2025-30009)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Live Auction Cockpit. A remote attacker can gain unauthorized access to sensitive information.

5) Information disclosure (CVE-ID: CVE-2025-30018)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Live Auction Cockpit. A remote attacker can gain unauthorized access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2025.html
• https://me.sap.com/notes/3578900