CVE-2025-43001: CWE-266: Incorrect Privilege Assignment in SAP_SE SAPCAR

Medium
Published: Tue Jul 08 2025 (07/08/2025, 00:38:50 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAPCAR

Description

SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.

AI-Powered Analysis

Last updated: 07/15/2025, 21:36:25 UTC

Technical Analysis

CVE-2025-43001 is a vulnerability identified in SAP SE's SAPCAR utility, specifically affecting versions 7.53 and 7.22EXT. SAPCAR is a tool used for compressing and decompressing archive files within SAP environments. The vulnerability is classified under CWE-266, which relates to incorrect privilege assignment. The flaw allows an attacker who already has high privileges and is logged into the system to override the permissions of the current and parent directories involved in the extraction process of an archive. This means that during the extraction of an archive, the attacker can manipulate directory permissions to escalate privileges further by modifying critical files. Notably, the attacker can tamper with signed archives without invalidating the signature, which complicates detection and trust verification mechanisms.

The CVSS v3.1 base score is 6.9, indicating a medium severity level. The vector string (AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L) shows that the attack requires local access, low attack complexity, high privileges, and user interaction. The scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality is low, but the integrity impact is high, and availability impact is low.

No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. This vulnerability primarily enables privilege escalation by exploiting improper permission handling during archive extraction, which could lead to unauthorized modification of critical system files and potential compromise of system integrity.

Potential Impact

For European organizations using SAP systems, particularly those relying on SAPCAR for archive management, this vulnerability poses a significant risk to system integrity. Although the confidentiality and availability impacts are low, the ability to modify critical files without breaking digital signatures can undermine trust in system components and lead to unauthorized changes that may disrupt business processes or facilitate further attacks. Privilege escalation can allow attackers to gain control over SAP environments, potentially leading to data manipulation, disruption of enterprise resource planning (ERP) operations, and compliance violations under regulations such as GDPR. Given SAP's widespread adoption across European industries including manufacturing, finance, and public sector, exploitation of this vulnerability could affect critical infrastructure and sensitive data processing. The requirement for high privileges and local access somewhat limits the attack surface but does not eliminate risk, especially in environments where insider threats or compromised accounts exist. The need for user interaction also suggests that social engineering or other techniques might be used to trigger the exploit. The lack of known exploits in the wild provides a window for proactive mitigation, but organizations should act swiftly to prevent potential exploitation.

Mitigation Recommendations

1. Restrict access to the SAPCAR utility strictly to trusted administrators and limit the number of users with high privileges to reduce the risk of exploitation.
2. Implement strict directory permission policies and regularly audit permissions on directories used by SAPCAR to detect unauthorized changes.
3. Monitor and log SAPCAR usage and archive extraction activities to identify suspicious behavior indicative of privilege escalation attempts.
4. Employ application whitelisting and integrity verification tools to detect unauthorized modifications to critical files, even if signatures appear valid.
5. Use network segmentation and endpoint protection to limit local access to systems running SAPCAR, reducing the attack surface.
6. Educate administrators and users with high privileges about the risks of social engineering and the importance of cautious interaction with archive files.
7. Stay updated with SAP security advisories and apply patches or updates as soon as they become available for SAPCAR.
8. Consider implementing multi-factor authentication for administrative accounts to mitigate risks associated with compromised credentials.
9. Conduct regular vulnerability assessments and penetration testing focused on SAP environments to identify and remediate privilege escalation vectors.
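One way to implement the directory-permission audit from recommendation 2 is to snapshot the extraction directory and all of its parents before an extraction and compare afterwards. This is an added example, not part of the original advisory or of SAP's tooling; the function names are illustrative, and `fake_extract` is a hypothetical stand-in for the real extraction command, operating on a constructed temporary directory.

```python
import os
import stat
import tempfile
from pathlib import Path

def snapshot(directory):
    """Mode and owner of `directory` and of every parent up to the root."""
    start = Path(directory).resolve()
    state = {}
    for d in (start, *start.parents):
        st = os.stat(d)
        state[str(d)] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return state

def audited_extract(workdir, extract):
    """Run extract(workdir); return {dir: (before, after)} for changed dirs."""
    before = snapshot(workdir)
    extract(workdir)
    after = snapshot(workdir)
    return {d: (before[d], after[d]) for d in before if after[d] != before[d]}

def restore_modes(changed):
    """Put back the recorded permission bits on every directory that changed."""
    for d, (old, _new) in changed.items():
        os.chmod(d, old[0])

def demo():
    """Constructed run: a stand-in extractor loosens two directory modes."""
    with tempfile.TemporaryDirectory() as top:
        work = Path(top).resolve() / "extract"
        work.mkdir()
        os.chmod(top, 0o750)
        os.chmod(work, 0o750)

        def fake_extract(target):  # hypothetical stand-in, not SAPCAR itself
            os.chmod(target, 0o777)
            os.chmod(Path(target).parent, 0o777)

        changed = audited_extract(work, fake_extract)
        restore_modes(changed)
        restored = {d: stat.S_IMODE(os.stat(d).st_mode) for d in changed}
        report = {d: (oct(b[0]), oct(a[0])) for d, (b, a) in changed.items()}
        return report, restored

if __name__ == "__main__":
    for path, (old, new) in demo()[0].items():
        print(f"{path}: {old} -> {new}")
```

Any entry in the returned mapping means an extraction altered a directory it should only have written files into, which is worth logging under recommendation 3 as well.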

Technical Details

Data Version: 5.1
Assigner Short Name: sap
Date Reserved: 2025-04-16T13:25:50.942Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 686c6fc56f40f0eb72ef2e50

Added to database: 7/8/2025, 1:09:25 AM

Last enriched: 7/15/2025, 9:36:25 PM

Last updated: 8/20/2025, 8:14:11 PM
