#VU113822 Input validation error in SAPCAR - CVE-2025-42992

 


Published: August 12, 2025


Vulnerability identifier: #VU113822
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-42992
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: SAPCAR
Software vendor: SAP

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input when handling archives. A local user can trick the victim into opening a specially crafted SAR archive and override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation.


Remediation

Install updates from the vendor's website.

External links