CVE-2025-42970

Name of the Vulnerable Software and Affected Versions: SAPCAR (affected versions not specified)

Description: The issue arises from SAPCAR's improper sanitization of file paths during the extraction of SAPCAR archives. This allows an attacker to create a malicious archive with directory traversal sequences. When a high-privileged user extracts this archive, SAPCAR processes it, potentially extracting files outside the intended directory and overwriting files in arbitrary locations. This has a significant impact on the application's integrity and availability, with no effect on confidentiality.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.