CVE-2025-42970

medium

Description

SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality.

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3595156

Details

Source: Mitre, NVD

Published: 2025-07-08

Updated: 2025-07-08

Risk Information

CVSS v2

Base Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:M/C:N/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 5.8

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00043