CVE-2025-43001

Multiple Privilege Escalation Vulnerabilities in SAPCAR

CVSS 6.9 MEDIUMEPSS 0.1%CWE-266

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.9EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 jul 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

Productos afectados

SAP_SE · SAPCAR

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://me.sap.com/notes/3595143 https://url.sap/sapsecuritypatchday