Privilege Escalation Vulnerability in SAPCAR by SAP
CVE-2025-43001

6.9MEDIUM

Key Information:

Vendor: SAP
Status: SAPcar
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-43001?

The SAPCAR utility allows users with elevated permissions to exploit a privilege escalation vulnerability, enabling them to alter directory permissions while extracting archives. This security flaw can lead to unauthorized modification of critical files, as attackers may be able to manipulate signed archives without compromising the integrity of the signature. It opens avenues for tampering that could impact the system's overall stability.

Affected Version(s)

SAPCAR SAP_CAR 7.53

SAPCAR 7.22EXT

References

https://me.sap.com/notes/3595143

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Apr 16, 2025