CVE-2025-42971 Information
Jul 09, 2025
cve
Description
A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive it gets processed by SAPCAR on their system resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality integrity and availability of the application.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Reference
https://me.sap.com/notes/3595141 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
LOW
Base Severity
4.0
Related CNNVD
CNNVD-202507-811 (Published: 2025-07-08)
Share on: