CVE-2025-42971 MEDIUM

CVE-2025-42971: Memory Corruption vulnerability in SAPCAR

Vendor Sap_Se

Product SAPCAR

Weakness CWE-787

Published July 8, 2025

Last update July 8, 2025

View on NVD All CVEs

CVSS base score

4.0/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application.

Key dates

02Disclosure timeline

July 8, 2025 CVE published

July 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-42971 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2025-42971

CWE CWE-787

CVSS 4.0 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAPCAR

Affected SAP_CAR 7.53

Vendor Sap_Se

Product SAPCAR

Affected 7.22EXT

CVE-2025-42971: Memory Corruption vulnerability in SAPCAR

01Description

02Disclosure timeline

03References

04Related CVE