CVE-2025-43001

SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.

CVSS v3 6.9 MEDIUM

6.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3595143
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) SAPCAR permite a un atacante con privilegios elevados anular los permisos de los directorios actual y principal del usuario o proceso que extrae el archivo, lo que provoca una escalada de privilegios. Si se explota con éxito, un atacante podría modificar los archivos críticos manipulando los archivos firmados sin romper la firma, pero con un impacto mínimo en la confidencialidad y la disponibilidad del sistema.

08 Jul 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 01:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-43001

Mitre link : CVE-2025-43001

CVE.ORG link : CVE-2025-43001

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

6.9 /10