Platform: sap
Component: sapcar
Fixed in: 7.53.1, 7.22.1
CVE-2025-42992 describes a Privilege Escalation vulnerability within the SAPCAR utility. This flaw allows an authenticated attacker, already possessing high-level privileges, to craft a malicious SAR (SAP Archive) archive. The successful exploitation of this vulnerability could lead to unauthorized access and control over critical system resources, impacting the integrity of the SAP environment. This vulnerability affects SAPCAR versions 7.22EXT–SAP_CAR 7.53. A fix is expected to be released by SAP.
The primary impact of CVE-2025-42992 lies in the potential for privilege escalation. An attacker, already logged in with elevated privileges, can leverage this vulnerability to create a specially crafted SAR archive. This archive, when processed by SAPCAR, could exploit weaknesses in file and directory permissions, allowing the attacker to gain further unauthorized access. The attacker could potentially modify system files, install malicious code, or gain control over sensitive data. While the impact on confidentiality and availability is considered low, the potential for integrity compromise is high. This could lead to data corruption, system instability, and disruption of business operations. The ability to bypass signature validation adds to the severity, as it allows the attacker to introduce malicious content without detection.
CVE-2025-42992 was published on 2025-07-08. The vulnerability's CVSS score is 6.9 (MEDIUM), indicating a moderate risk. Currently, there are no publicly known Proof-of-Concept (POC) exploits. The EPSS (Exploit Prediction Scoring System) score is pending evaluation. It is recommended to monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting this vulnerability. Refer to the SAP Security Notes for detailed information and remediation guidance.
Exploit Status
EPSS: 0.01% (2nd percentile)
CISA SSVC:
CVSS vector:
The immediate mitigation for CVE-2025-42992 is to apply the security patch released by SAP as soon as it becomes available. Until the patch is applied, restrict access to the SAPCAR utility to authorized personnel only. Implement strict file integrity monitoring to detect any unauthorized modifications to system files. Consider temporarily disabling the SAR archive creation functionality if it is not essential for business operations. If an upgrade is not immediately feasible, review and tighten file and directory permissions related to SAPCAR to minimize the potential impact of a successful exploit. After applying the upgrade, confirm the fix by attempting to create a malicious SAR archive and verifying that it is rejected or handled securely.
Update SAPCAR to a non-vulnerable version. See SAP Note 3595143 for further details and specific upgrade instructions.
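The mitigation guidance above boils down to three checks an operator can script: is the installed SAPCAR release below the fixed release of its line, can a lower-privileged user write to the binary or the directories it extracts into, and has the binary changed since a known-good baseline. The following is an added example (not SAP's code and not part of this advisory) that implements those checks. It assumes the operator already has the version string from their own inventory (it does not invoke SAPCAR), takes the fixed releases 7.22.1 and 7.53.1 from the page's "Fixed in" field, and runs its demonstration against a constructed temporary directory standing in for the real installation path.

```python
"""Defender-side checks for the SAPCAR advisory (added example, not SAP's code).

Assumptions: version strings look like "7.53.0"; FIXED_IN holds the page's
"Fixed in" values; paths are supplied by the caller. The demo() sandbox is a
constructed temp directory, not a real SAP installation.
"""
import hashlib
import os
import re
import stat
import tempfile
from pathlib import Path

# Fixed release per maintenance line, from the page's "Fixed in" field.
FIXED_IN = {(7, 22): (7, 22, 1), (7, 53): (7, 53, 1)}


def parse_version(text: str) -> tuple:
    """Extract major.minor[.patch] from strings such as '7.53.0' or 'SAPCAR 7.22'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_vulnerable(version_text: str):
    """True below the fixed release of its line, False at/above it, and None when
    the line is not one the advisory lists (treat None as 'needs manual review')."""
    v = parse_version(version_text)
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


def permission_findings(path) -> list:
    """Flag mode bits that let a lower-privileged user tamper with the SAPCAR
    binary or the directories it extracts into: group/world write, setuid/setgid."""
    mode = os.lstat(path).st_mode
    checks = [
        (stat.S_IWOTH, "world-writable"),
        (stat.S_IWGRP, "group-writable"),
        (stat.S_ISUID, "setuid"),
        (stat.S_ISGID, "setgid"),
    ]
    return [label for bit, label in checks if mode & bit]


def sha256_of(path) -> str:
    """Streamed SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths) -> dict:
    """Known-good hashes to store out-of-band after a verified install or upgrade."""
    return {str(p): sha256_of(p) for p in paths}


def changed_since(baseline: dict) -> list:
    """Files whose hash differs from the baseline, plus any that disappeared."""
    return [p for p, digest in baseline.items()
            if not os.path.exists(p) or sha256_of(p) != digest]


def demo() -> dict:
    """Run every check inside a constructed sandbox (temp dir standing in for /usr/sap)."""
    with tempfile.TemporaryDirectory() as tmp:
        sapcar = Path(tmp) / "SAPCAR"       # constructed stand-in, not a real binary
        sapcar.write_bytes(b"stand-in sapcar")
        sapcar.chmod(0o4777)                 # deliberately loose: setuid + world-writable
        before = permission_findings(sapcar)
        sapcar.chmod(0o755)                  # tightened as the advisory recommends
        after = permission_findings(sapcar)
        baseline = build_baseline([sapcar])
        sapcar.write_bytes(b"tampered")      # simulate an unauthorized modification
        changed = [os.path.basename(c) for c in changed_since(baseline)]
        return {"before": before, "after": after, "changed": changed,
                "7.53.0": is_vulnerable("7.53.0"), "7.53.1": is_vulnerable("7.53.1")}


if __name__ == "__main__":
    print(demo())
```

The version check deliberately returns None for lines the advisory does not name rather than guessing, so an inventory script can route those hosts to manual review instead of silently marking them safe. The baseline dictionary is only useful if it is stored somewhere the SAPCAR host cannot modify; otherwise an attacker with the high privileges this CVE assumes could simply rewrite it.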
It's a Privilege Escalation vulnerability in SAPCAR, allowing attackers with high privileges to create malicious archives and potentially gain further unauthorized access.
If you are using SAPCAR versions 7.22EXT–SAP_CAR 7.53, you are potentially affected. Check SAP Security Notes for confirmation and updates.
Apply the security patch released by SAP as soon as it becomes available. Until then, restrict access and monitor file integrity.
Currently, there are no publicly known exploits, but it's crucial to monitor for any signs of active exploitation.
Refer to the official SAP Security Notes and the National Vulnerability Database (NVD) entry for CVE-2025-42992 for detailed information.