CVE-2025-42992
MEDIUMSAPCAR 7.22EXT-7.53 - Privilege Escalation via Malicious SAR Archive
Title source: llmDescription
SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3595143
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
6.9
EPSS
0.0005
EPSS Percentile
16.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-266
Status
published
Products (2)
SAP_SE/SAPCAR
7.22EXT
SAP_SE/SAPCAR
SAP_CAR 7.53
Published
Jul 08, 2025
Tracked Since
Feb 18, 2026