CVE-2025-42970
MEDIUM
5.8
Our Analysis: General-Purpose
Our model has classified this vulnerability as relevant to General-Purpose Systems, helping your team prioritize efforts effectively.
Published Date
July 8, 2025
Last Modified
July 8, 2025
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
Description
SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality.