CVE-2025-43001

Published: Jul 8, 2025Modified: Jul 8, 2025

6.9

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

Exploitability: 1.1 / Impact: 5.3

Source: CNA (Secondary)

Description

SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (2)

https://me.sap.com/notes/3595143

Source: cna@sap.com

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Timeline

No history available yet.