CVE-2025-43001
MEDIUMSAPCAR >= 7.53 < 7.53, >= 7.22EXT < 7.22EXT - Privilege Escalation via Archive Extraction
Title source: llmDescription
SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.
References (2)
Core 2
Core References
Vendor Advisory
https://url.sap/sapsecuritypatchday
Vendor Advisory
https://me.sap.com/notes/3595143
Scores
CVSS v3
6.9
EPSS
0.0005
EPSS Percentile
16.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-266
Status
published
Products (2)
SAP_SE/SAPCAR
7.22EXT
SAP_SE/SAPCAR
SAP_CAR 7.53
Published
Jul 08, 2025
Tracked Since
Feb 18, 2026