Privilege Escalation Vulnerability in SAPCAR by SAP
CVE-2025-43001

6.9 MEDIUM

Key Information:

Vendor: SAP

Status
Vendor
CVE Published: 8 July 2025

What is CVE-2025-43001?

The SAPCAR utility contains a privilege escalation vulnerability that lets users with elevated permissions alter directory permissions while archives are extracted. This flaw can lead to unauthorized modification of critical files, because attackers may be able to manipulate signed archives without compromising the integrity of the signature. The resulting tampering could affect the system's overall stability.

Affected Version(s)

SAPCAR SAP_CAR 7.53

SAPCAR 7.22EXT

CVSS V3.1

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
