CVE-2025-42992

{"id": "CVE-2025-42992", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.1}]}, "published": "2025-07-08T01:15:25.887", "references": [{"url": "https://me.sap.com/notes/3595143", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system."}, {"lang": "es", "value": "SAPCAR permite a un atacante con acceso a SAPCAR con privilegios elevados crear un archivo SAR malicioso. Esto podr\u00eda permitirle explotar archivos cr\u00edticos y permisos de directorio sin violar la validaci\u00f3n de firmas, lo que podr\u00eda resultar en una escalada de privilegios. Esto tiene un alto impacto en la integridad, pero un bajo impacto en la confidencialidad y la disponibilidad del sistema."}], "lastModified": "2025-07-08T16:18:14.207", "sourceIdentifier": "cna@sap.com"}