{"vulnerability": "CVE-2025-3001", "sightings": [{"uuid": "222ccfff-0dc5-457b-97ae-6d6126080f16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://bsky.app/profile/nihonmatsu.bsky.social/post/3lmcejquoj22v", "content": "", "creation_timestamp": "2025-04-08T11:26:25.774385Z"}, {"uuid": "1e6a6aae-45f3-46fd-a818-22aeed6da73d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lmcvlgaa4222", "content": "", "creation_timestamp": "2025-04-08T16:31:35.119730Z"}, {"uuid": "03fbaf55-a27c-4658-91c4-7e261995ee3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lmc3apo6kc2k", "content": "", "creation_timestamp": "2025-04-08T08:40:18.295663Z"}, {"uuid": "a6162456-1ae1-4505-9b98-6e33dab09381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30013", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5eciuqw2z", "content": "", "creation_timestamp": "2025-04-08T09:18:07.204726Z"}, {"uuid": "40d2d5b9-de24-47b6-8e53-242ec839f7b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30014", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5edhqrb2z", "content": "", "creation_timestamp": "2025-04-08T09:18:12.452614Z"}, {"uuid": "deb9cbd0-2f02-43c5-8521-fb4042a0f804", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30017", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5edl4wy2g", "content": "", "creation_timestamp": "2025-04-08T09:18:13.015444Z"}, {"uuid": "1d951743-d4cc-46a2-a552-e8394dc7b047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30015", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5edotqj2v", "content": "", "creation_timestamp": "2025-04-08T09:18:13.577604Z"}, {"uuid": "bd21f247-7aa1-4f9a-b61f-38bcf334426e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5ee2cca2g", "content": "", "creation_timestamp": "2025-04-08T09:18:15.208816Z"}, {"uuid": "88dcc5b7-2bc3-45b3-9073-aad8f939f1b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114301713111525541", "content": "", "creation_timestamp": "2025-04-08T09:48:51.456243Z"}, {"uuid": "224ad4dc-a1ce-4868-98e7-e611df7a1ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30012", "type": "seen", "source": "https://bsky.app/profile/fraustief.bsky.social/post/3lu3vx5gtfk2k", "content": "", "creation_timestamp": "2025-07-16T17:11:07.006165Z"}, {"uuid": "c3e5ff6d-611f-4697-86f4-ba71750c56e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": 
"https://advisories.ncsc.nl/advisory?id=NCSC-2025-0119", "content": "", "creation_timestamp": "2025-04-25T10:10:29.000000Z"}, {"uuid": "dfeed06d-e1b9-47dd-9234-611698668a01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0119", "content": "", "creation_timestamp": "2025-04-28T07:35:57.000000Z"}, {"uuid": "ccff08e8-8831-46fb-890e-43ea712d6978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0119", "content": "", "creation_timestamp": "2025-04-30T11:12:27.000000Z"}, {"uuid": "d7629142-2d15-4e77-9200-ffa18bc8a8d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30018", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114497943894558300", "content": "", "creation_timestamp": "2025-05-13T01:32:54.782123Z"}, {"uuid": "e915d4e0-2a84-41f8-8ef6-e3a9c186414c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30012", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjaam66w2l", "content": "", "creation_timestamp": "2025-05-13T03:12:11.834007Z"}, {"uuid": "2a4f168c-fd8d-40df-a88f-0138efd19eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30011", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjaavm7s2w", "content": "", "creation_timestamp": "2025-05-13T03:12:12.541196Z"}, {"uuid": "05094a50-cda1-4edc-86c0-b0885b8e71f9", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30018", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjabkmls22", "content": "", "creation_timestamp": "2025-05-13T03:12:16.029635Z"}, {"uuid": "c02568f2-d221-451c-b911-62213f0d4a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30010", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjaccgoz2h", "content": "", "creation_timestamp": "2025-05-13T03:12:20.058479Z"}, {"uuid": "1527de9b-b633-4f95-80b3-f79521fd700f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30012", "type": "seen", "source": "https://threatintel.cc/2025/07/08/sap-patches-critical-flaws-that.html", "content": "", "creation_timestamp": "2025-07-08T12:08:07.000000Z"}, {"uuid": "ffd522d4-1b60-416c-92fa-6a4e8a281514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0119", "content": "", "creation_timestamp": "2025-04-09T07:12:05.000000Z"}, {"uuid": "11d1b711-c01b-40e4-8125-d07a8218ee60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114308286346337457", "content": "", "creation_timestamp": "2025-04-09T13:40:30.371337Z"}, {"uuid": "20b73b42-ac83-4dd4-b67e-7eb9958142f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30012", "type": "seen", 
"source": "https://infosec.exchange/users/edwardk/statuses/114818002384512340", "content": "", "creation_timestamp": "2025-07-08T14:07:59.344671Z"}, {"uuid": "43783207-b3b8-4f13-8412-daa55e328fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30012", "type": "seen", "source": "https://bsky.app/profile/fraustief.bsky.social/post/3lu3vx5h65c2k", "content": "", "creation_timestamp": "2025-07-16T17:11:09.582588Z"}, {"uuid": "919629d5-01c8-4e2b-a43f-35ab0c8aaea9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30012", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3lwrihho3rc2d", "content": "", "creation_timestamp": "2025-08-19T17:58:37.260189Z"}, {"uuid": "15f2ea6f-33d7-4e89-955b-2c735972b0da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30014", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10864", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30014\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don\ufffdt have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected.\n\ud83d\udccf Published: 2025-04-08T07:14:25.929Z\n\ud83d\udccf Modified: 2025-04-08T07:14:25.929Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/2927164\n2. 
https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:24.000000Z"}, {"uuid": "0566b50d-841e-4132-badb-6c8994a30165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10862", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30016\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application.\n\ud83d\udccf Published: 2025-04-08T07:14:51.578Z\n\ud83d\udccf Modified: 2025-04-08T07:14:51.578Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3572688\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:22.000000Z"}, {"uuid": "7134b42e-7dca-4bec-bd6b-322f0121fb4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3001", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9749", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3001\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. 
The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-31T15:31:05.008Z\n\ud83d\udccf Modified: 2025-03-31T18:47:18.769Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302050\n2. https://vuldb.com/?ctiid.302050\n3. https://vuldb.com/?submit.524212\n4. https://github.com/pytorch/pytorch/issues/149626\n5. https://github.com/pytorch/pytorch/issues/149626#issue-2935860995", "creation_timestamp": "2025-03-31T19:31:11.000000Z"}, {"uuid": "4d3575d9-1c5a-4e3e-aad8-897daa226359", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30015", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10863", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30015\n\ud83d\udd25 CVSS Score: 4.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.\n\ud83d\udccf Published: 2025-04-08T07:14:37.019Z\n\ud83d\udccf Modified: 2025-04-08T07:14:37.019Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3565944\n2. 
https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:23.000000Z"}, {"uuid": "23af79e9-dc94-4593-a1df-ca3e541d0313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30013", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10865", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30013\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintended commands on the underlying system, posing a significant security risk to the confidentiality, integrity and availability of the application.\n\ud83d\udccf Published: 2025-04-08T07:14:07.797Z\n\ud83d\udccf Modified: 2025-04-08T07:14:07.797Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3571093\n2. 
https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:28.000000Z"}, {"uuid": "4ac71583-8acc-431e-8674-74c0a8bda8a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30010", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16116", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30010\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on confidentiality and integrity with no impact on the availability of the application.\n\ud83d\udccf Published: 2025-05-13T00:13:04.776Z\n\ud83d\udccf Modified: 2025-05-13T14:27:01.826Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3578900\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-05-13T14:30:36.000000Z"}, {"uuid": "3e4ab0e8-97a8-4044-852c-398be5285b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30017", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10861", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30017\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. 
After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application.\n\ud83d\udccf Published: 2025-04-08T07:15:02.720Z\n\ud83d\udccf Modified: 2025-04-08T07:15:02.720Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3558864\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:21.000000Z"}, {"uuid": "44244db1-5d33-4ee7-bb4f-ed6073f0be78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30012", "type": "seen", "source": "https://t.me/cvedetector/25158", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30012 - SAP SRM Java Applet Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30012 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format. On successful exploitation, an authenticated attacker with high privileges could send malicious payload request and receive an outbound DNS request, resulting in deserialization of data in the application. This vulnerability has low impact on confidentiality, integrity and availability of the application. 
\nSeverity: 3.9 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:33.000000Z"}, {"uuid": "452db75b-3940-4d22-9312-b65907ba4359", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30018", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16126", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30018\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.\n\ud83d\udccf Published: 2025-05-13T00:16:20.584Z\n\ud83d\udccf Modified: 2025-05-13T14:12:04.345Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3578900\n2. 
https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-05-13T14:30:46.000000Z"}, {"uuid": "5468262f-8c90-47f3-9f11-1a954687930d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30012", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16125", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30012\n\ud83d\udd25 CVSS Score: 3.9 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format. On successful exploitation, an authenticated attacker with high privileges could send malicious payload request and receive an outbound DNS request, resulting in deserialization of data in the application. This vulnerability has low impact on confidentiality, integrity and availability of the application.\n\ud83d\udccf Published: 2025-05-13T00:14:21.258Z\n\ud83d\udccf Modified: 2025-05-13T14:12:24.560Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3578900\n2. 
https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-05-13T14:30:45.000000Z"}, {"uuid": "e54b5be5-83cb-4499-86ef-7cb67be4eb8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30012", "type": "seen", "source": "https://t.me/CyberBulletin/3606", "content": "\u26a1\ufe0fThe CVSS score for the bug, tracked as CVE-2025-30012, has been updated from 3.9 to 10/10, after it was determined that it could be abused by unauthenticated attackers to execute arbitrary OS commands with administrative privileges.\n\n#CyberBulletin", "creation_timestamp": "2025-07-08T21:38:06.000000Z"}, {"uuid": "3ad809ee-27c1-40cd-8125-9f1f7eab784d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30011", "type": "seen", "source": "https://t.me/cvedetector/25157", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30011 - SAP SRM Java Applet Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-30011 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:32.000000Z"}, {"uuid": "5ec34cf6-171b-4ea8-908e-12892d5e198e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30010", "type": "seen", "source": "https://t.me/cvedetector/25156", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30010 - SAP SRM Java Applet Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-30010 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on confidentiality and integrity with no impact on the availability of the application. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:32.000000Z"}, {"uuid": "cbf37e1f-e1bb-4f0b-be19-3de0515fd2df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30016", "type": "seen", "source": "https://t.me/cvedetector/22420", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30016 - SAP Financial Consolidation Unauthenticated Admin Account Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30016 \nPublished : April 8, 2025, 8:15 a.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:06.000000Z"}, {"uuid": "eb7b8fcc-9e3c-4fec-940d-5ac8f6c9a032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30017", "type": "seen", "source": "https://t.me/cvedetector/22421", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30017 - SAP Solution Manager File Upload Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-30017 \nPublished : April 8, 2025, 8:15 a.m. 
| 1\u00a0hour, 7\u00a0minutes ago \nDescription : Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:07.000000Z"}, {"uuid": "c9552b77-d183-450a-a19c-012b3a88aa73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30015", "type": "seen", "source": "https://t.me/cvedetector/22419", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30015 - SAP NetWeaver and ABAP Platform SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30015 \nPublished : April 8, 2025, 8:15 a.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application. 
\nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:06.000000Z"}, {"uuid": "ef4d5fd6-8ca3-40e0-840c-08f61ddaa671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30014", "type": "seen", "source": "https://t.me/cvedetector/22418", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30014 - SAP Capital Yield Tax Management Directory Traversal\", \n  \"Content\": \"CVE ID : CVE-2025-30014 \nPublished : April 8, 2025, 8:15 a.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don\u2019t have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:02.000000Z"}, {"uuid": "3e552a1d-0d26-48dd-a0a8-50cce36340fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30013", "type": "seen", "source": "https://t.me/cvedetector/22417", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30013 - SAP ERP BW Business Content OS Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30013 \nPublished : April 8, 2025, 8:15 a.m. 
| 1\u00a0hour, 7\u00a0minutes ago \nDescription : SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintended commands on the underlying system, posing a significant security risk to the confidentiality, integrity and availability of the application. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:01.000000Z"}, {"uuid": "d4415205-55c2-4623-b85c-ade6644d94c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3001", "type": "seen", "source": "https://t.me/cvedetector/21611", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3001 - PyTorch LSTM Cell Memory Corruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3001 \nPublished : March 31, 2025, 4:15 p.m. | 48\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T19:12:16.000000Z"}]}