CVE-2025-42992 Information
Jul 09, 2025
cve
Description
SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation resulting in potential privilege escalation. This has high impact on integrity but low impact on confidentiality and availability of the system.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
Reference
https://me.sap.com/notes/3595143 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
HIGH
Base Score
LOW
Base Severity
6.9
Related CNNVD
CNNVD-202507-819 (Published: 2025-07-08)
Share on: