CVE-2025-42971

A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3595141
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 01:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-42971

Mitre link : CVE-2025-42971

CVE.ORG link : CVE-2025-42971

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

4.0 /10