CVE-2025-43001

{"id": "CVE-2025-43001", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.1}]}, "published": "2025-07-08T01:15:26.047", "references": [{"url": "https://me.sap.com/notes/3595143", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system."}, {"lang": "es", "value": "SAPCAR permite a un atacante con privilegios elevados anular los permisos de los directorios actual y principal del usuario o proceso que extrae el archivo, lo que provoca una escalada de privilegios. Si se explota con \u00e9xito, un atacante podr\u00eda modificar los archivos cr\u00edticos manipulando los archivos firmados sin romper la firma, pero con un impacto m\u00ednimo en la confidencialidad y la disponibilidad del sistema."}], "lastModified": "2025-07-08T16:18:14.207", "sourceIdentifier": "cna@sap.com"}