CVE-2025-43001

EUVD-2025-20328
SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
sapCNA
6.9 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Common Weakness Enumeration
References
https://me.sap.com/notes/3595143
https://url.sap/sapsecuritypatchday