Main Vulnerability Database Vulnerabilities #VU113821

#VU113821 Input validation error in SAPCAR - CVE-2025-43001

Published: August 12, 2025

Vulnerability identifier: #VU113821

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-43001

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SAPCAR

Software vendor:
SAP

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input when handling archives. A local user can trick the victim into opening a specially crafted SAR archive and override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation

Remediation

Install updates from vendor's website.

External links

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
https://me.sap.com/notes/3595143

#VU113821 Input validation error in SAPCAR - CVE-2025-43001

Description

Remediation

External links

Please verify you're human