CVE-2025-42970

5.8 MEDIUM
Published: July 08, 2025 Modified: April 15, 2026
View on NVD

Description

SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://me.sap.com/notes/3595156
Source: cna@sap.com
https://url.sap/sapsecuritypatchday
Source: cna@sap.com

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.8 / 10.0
EPSS (Exploit Probability)
0.1%
22th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Related CVEs

CVE-2026-7429 4.6
CVE-2026-33448 N/A
CVE-2026-33447 N/A
CVE-2026-33446 N/A
CVE-2025-56568 N/A