Directory Traversal Vulnerability in SAPCAR by SAP
CVE-2025-42970
5.8 MEDIUM
What is CVE-2025-42970?
SAPCAR contains a flaw in its handling of file paths during the extraction of SAPCAR archives. This flaw allows attackers to create malicious archives with directory traversal sequences. When an unsuspecting user with elevated privileges extracts such an archive, it can lead to the extraction of files outside the designated directories, potentially overwriting critical files in arbitrary locations on the system. This vulnerability poses significant risks to the integrity and availability of the application, as it enables unauthorized access to system resources.
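A pre-extraction check for the traversal described above, as an added example that is not SAP's code or a SAPCAR feature. It assumes the entry names have already been obtained by listing the archive; `escape_reason`, `audit_entries`, the destination `/opt/sap` and the sample names are hypothetical and constructed.

```python
import posixpath
import re

_DRIVE = re.compile(r"^[A-Za-z]:")  # Windows drive prefix such as C:


def escape_reason(entry_name, dest_dir):
    """Return why entry_name would land outside dest_dir, or None if it stays inside."""
    # Normalise separators so Windows-style names are caught on any host.
    name = entry_name.replace("\\", "/")
    if not name or "\x00" in name:
        return "empty name or NUL byte"
    if name.startswith("/") or _DRIVE.match(name):
        return "absolute path"
    dest = posixpath.normpath(dest_dir.replace("\\", "/"))
    # Lexical resolution: collapses "a/../b" and exposes "../" escapes.
    target = posixpath.normpath(posixpath.join(dest, name))
    # Compare with a trailing separator so /opt/sap does not match /opt/sap_evil.
    root = dest if dest.endswith("/") else dest + "/"
    if target != dest and not target.startswith(root):
        return "resolves outside destination"
    return None


def audit_entries(entry_names, dest_dir):
    """Return (name, reason) for every entry that must block extraction."""
    findings = []
    for n in entry_names:
        reason = escape_reason(n, dest_dir)
        if reason:
            findings.append((n, reason))
    return findings


# Constructed sample listing, not taken from a real archive.
SAMPLE = [
    "patch/bin/tool",          # stays inside
    "patch/../README",         # collapses to a path still inside
    "../../outside.txt",       # climbs above the destination
    "../sap_evil/x",           # sibling directory sharing the prefix
    "/abs/outside.txt",        # absolute POSIX path
    "..\\..\\outside.txt",     # backslash-separated traversal
    "C:\\outside.txt",         # drive-qualified path
]

if __name__ == "__main__":
    for name, reason in audit_entries(SAMPLE, "/opt/sap"):
        print(f"BLOCK {name!r}: {reason}")
```

The check is lexical only, so it does not account for symbolic links already present under the destination directory.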
Affected Version(s)
SAPCAR SAP_CAR 7.53
SAPCAR 7.22EXT