Directory Traversal Vulnerability in SAPCAR by SAP
CVE-2025-42970

5.8 MEDIUM

Key Information:

Vendor: SAP

Status
Vendor
CVE Published: 8 July 2025

What is CVE-2025-42970?

SAPCAR contains a flaw in its handling of file paths during the extraction of SAPCAR archives. This flaw allows attackers to create malicious archives with directory traversal sequences. When an unsuspecting user with elevated privileges extracts such an archive, it can lead to the extraction of files outside the designated directories, potentially overwriting critical files in arbitrary locations on the system. This vulnerability poses significant risks to the integrity and availability of the application, as it enables unauthorized access to system resources.

Affected Version(s)

SAPCAR SAP_CAR 7.53

SAPCAR 7.22EXT

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
