{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T13:57:56.156","vulnerabilities":[{"cve":{"id":"CVE-2025-43001","sourceIdentifier":"cna@sap.com","published":"2025-07-08T01:15:26.047","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system."},{"lang":"es","value":"SAPCAR permite a un atacante con privilegios elevados anular los permisos de los directorios actual y principal del usuario o proceso que extrae el archivo, lo que provoca una escalada de privilegios. Si se explota con éxito, un atacante podría modificar los archivos críticos manipulando los archivos firmados sin romper la firma, pero con un impacto mínimo en la confidencialidad y la disponibilidad del sistema."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.1,"impactScore":5.3}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://me.sap.com/notes/3595143","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}