CVE-2025-43001 Information
Jul 09, 2025
Description
SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify critical files by tampering with signed archives without breaking the signature, but this has a low impact on the confidentiality and availability of the system.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
Reference
https://me.sap.com/notes/3595143
https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
Base Score
6.9
Base Severity
MEDIUM
Related CNNVD
CNNVD-202507-820 (Published: 2025-07-08)