CVE-2025-43001 | THREATINT

Description

SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-08 | Updated 2026-02-26 | Assigner sap

MEDIUM: 6.9CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

Problem types

CWE-266: Incorrect Privilege Assignment

Product status

Default status

unaffected

SAP_CAR 7.53

affected

7.22EXT

affected

References

me.sap.com/notes/3595143

url.sap/sapsecuritypatchday

cve.org (CVE-2025-43001)

nvd.nist.gov (CVE-2025-43001)

Download JSON