無料スキャン
MEDIUMCVE-2025-43001CVSS 6.9

Multiple Privilege Escalation Vulnerabilities in SAPCAR

翻訳中…

プラットフォーム

sap

コンポーネント

sapcar

修正版

7.53.1

7.22.1

AI Confidence: highNVDEPSS 0.0%レビュー済み: 2026年5月
NVDで見る
保存
あなたの言語に翻訳中…

CVE-2025-43001 is a privilege escalation vulnerability affecting SAPCAR versions up to 7.53. An attacker with high privileges can exploit this flaw to override directory permissions during archive extraction. Successful exploitation could allow modification of critical files, potentially compromising system integrity, despite signature verification remaining intact. A patch is expected to resolve this issue.

影響と攻撃シナリオ翻訳中…

The primary impact of CVE-2025-43001 lies in the potential for privilege escalation. An attacker, already possessing high-level access, can leverage this vulnerability to manipulate the permissions of directories and files during the SAPCAR archive extraction process. This allows them to modify files, even those protected by digital signatures, without invalidating the signature itself. The attacker could, for example, replace legitimate system binaries with malicious versions, leading to complete system compromise. While the vulnerability's impact on confidentiality and availability is considered low, the ability to tamper with critical files presents a significant integrity risk. The blast radius extends to any system where SAPCAR is used and vulnerable versions are deployed, particularly those handling sensitive data or critical infrastructure.

悪用の状況翻訳中…

CVE-2025-43001 was published on 2025-07-08. The vulnerability's exploitation probability is currently being evaluated, but given the privilege escalation nature and potential for signature bypass, it warrants attention. No public Proof-of-Concept (POC) exploits are currently known, but the potential for abuse is significant. Monitor security advisories from SAP for updates and patch releases. The CVSS score of 6.9 (MEDIUM) indicates a moderate level of severity and potential for exploitation.

脅威インテリジェンス

エクスプロイト状況

概念実証不明
CISA KEVNO
インターネット露出

EPSS

0.01% (2% パーセンタイル)

CISA SSVC

悪用状況none
自動化可能no
技術的影響total

CVSS ベクトル

脅威インテリジェンス· CVSS 3.1CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L6.9MEDIUMAttack VectorLocal攻撃者がターゲットに到達する方法Attack ComplexityLow悪用に必要な条件Privileges RequiredHigh攻撃に必要な認証レベルUser InteractionRequired被害者の操作が必要かどうかScopeChanged影響コンポーネント外への波及ConfidentialityLow機密データ漏洩のリスクIntegrityHigh不正データ改ざんのリスクAvailabilityLowサービス障害のリスクnextguardhq.com · CVSS v3.1 基本スコア
これらのメトリクスの意味は?
Attack Vector
ローカル — システム上のローカルセッションまたはシェルが必要。
Attack Complexity
低 — 特別な条件不要。安定して悪用可能。
Privileges Required
高 — 管理者または特権アカウントが必要。
User Interaction
必要 — 被害者がファイルを開く、リンクをクリックするなどのアクションが必要。
Scope
変化あり — 攻撃が脆弱なコンポーネントを超えて他のシステムに波及可能。
Confidentiality
低 — 一部データへの部分的アクセス。
Integrity
高 — 任意のデータの書き込み・変更・削除が可能。
Availability
低 — 部分的または断続的なサービス拒否。

影響を受けるソフトウェア

コンポーネントsapcar
ベンダーSAP_SE
影響範囲修正版
SAP_CAR 7.53 – SAP_CAR 7.537.53.1
7.22EXT – 7.22EXT7.22.1

弱点分類 (CWE)

CWE-266

タイムライン

  1. 予約済み
  2. 公開日
  3. 更新日
  4. EPSS 更新日
未パッチ — 公開から320日経過

緩和策と回避策翻訳中…

The primary mitigation for CVE-2025-43001 is to upgrade SAPCAR to a patched version as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds. Restrict access to SAPCAR functionality to only authorized users with a strict need-to-know basis. Implement robust file integrity monitoring (FIM) to detect unauthorized modifications to critical files. Review and strengthen existing access control policies to minimize the potential impact of a successful exploit. Consider using a Web Application Firewall (WAF) or proxy to filter potentially malicious archive uploads, although this may not be a complete solution. After upgrading, verify the fix by attempting to extract a test archive and confirming that directory permissions remain unchanged.

修正方法翻訳中…

Actualice SAPCAR a una versión parcheada o posterior. Consulte la nota SAP 3595143 para obtener más detalles e instrucciones específicas sobre cómo aplicar la solución.

CVEセキュリティニュースレター

脆弱性分析と重要アラートをメールでお届けします。

よくある質問翻訳中…

What is CVE-2025-43001 — Privilege Escalation in SAPCAR?

It's a privilege escalation vulnerability in SAPCAR versions up to 7.53, allowing attackers to modify files during archive extraction despite signature verification.

Am I affected by CVE-2025-43001 in SAPCAR?

If you are using SAPCAR version 7.53 or earlier, you are potentially affected by this vulnerability. Check your SAPCAR version immediately.

How do I fix CVE-2025-43001 in SAPCAR?

Upgrade to a patched version of SAPCAR as soon as a patch is released by SAP. Until then, implement temporary workarounds like access restrictions and file integrity monitoring.

Is CVE-2025-43001 being actively exploited?

No public exploits are currently known, but the potential for exploitation is significant due to the privilege escalation nature of the vulnerability.

Where can I find the official SAPCAR advisory for CVE-2025-43001?

Refer to SAP security advisories and the National Vulnerability Database (NVD) entry for CVE-2025-43001 for the latest information.

あなたのプロジェクトは影響を受けていますか?

依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。

無料スキャンCVEを検索