Critical Vulnerabilities in Multiple SAP Products
11 July 2025
SAP has released security updates addressing multiple critical vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) and SAP S/4HANA / SAP Supply Chain Management (Characteristic Propagation).
Background
SAP has released security updates addressing multiple critical vulnerabilities (CVE-2025-30012 & CVE-2025-42967) in SAP Supplier Relationship Management (SRM) (Live Auction Cockpit), SAP S/4HANA and SAP Supply Chain Management (SCM) (Characteristic Propagation), respectively.
Impact
The vulnerabilities are:
- CVE-2025-30012: A deserialisation vulnerability that could allow an unauthenticated attacker to send a malicious payload request in a specific encoding format, leading to execution of arbitrary OS commands on the target as an SAP Administrator. This vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10.
- CVE-2025-42967: A remote code execution vulnerability that could allow an attacker with user-level privileges to create a new report with their own code and gain full control of the affected SAP system. This vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.9 out of 10.
Affected Products
The vulnerabilities affect the following products:
CVE-2025-30012:
- SAP SRM (Live Auction Cockpit) version SRM_SERVER 7.14

CVE-2025-42967:
- SAP S/4HANA and SAP SCM (Characteristic Propagation) versions:
  - SCMAPO 713 and 714
  - S4CORE 102 to 104
  - S4COREOP 105 to 108
  - SCM 700 to 702 and 712
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
References
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html