CVE-2025-42992

Sažetak

SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system.

Reference

https://me.sap.com/notes/3595143
https://url.sap/sapsecuritypatchday

CVSS

Base:	6.9
Impact:	5.3
Exploitability:	1.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	HIGH	LOW

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

Zadnje važnije ažuriranje

08-07-2025 - 01:15

Objavljeno

08-07-2025 - 01:15