CVE-2025-42970 Information

Jul 09, 2025 cve

Description

SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive it is then processed by SAPCAR on their system causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H

Reference

https://me.sap.com/notes/3595156 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

5.8

CNNVD-202507-809 (Published: 2025-07-08)

Share on:

CVE-2025-42970 Information

Description

CVSS Vector

Reference

Attack Complexity

Privileges Required

User Interaction Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Base Severity

Related CNNVD