Memory Corruption Vulnerability in SAPCAR by SAP
CVE-2025-42971
4MEDIUM
What is CVE-2025-42971?
A memory corruption flaw in SAPCAR allows an attacker to create malicious SAPCAR archives. Upon extraction by a high-privileged user, the system processes these archives, leading to out-of-bounds memory operations. This could result in unauthorized file extraction and overwriting files outside the designated directories, raising potential security risks for the application environment.
Affected Version(s)
SAPCAR SAP_CAR 7.53
SAPCAR 7.22EXT