CVE-2025-14111

5.0 MEDIUM

📋 TL;DR

This CVE describes a path traversal vulnerability in the Rarlab RAR App for Android that allows a remote attacker to read or write arbitrary files. Only the Android app, up to and including version 7.11 Build 127, is affected; WinRAR and the Unix RAR versions are not. Successful exploitation could lead to data theft or device compromise.
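As an added illustration of the bug class named above (example code written for this page, not code from the page or from RARLAB), the check below shows how an extractor rejects archive entry names that would resolve outside its chosen output directory. It assumes the traversal is carried by crafted entry names, which is the usual form for archivers but is not stated on the page; the output directory and the entry names are constructed samples.

```python
import os

# Constructed sample entry names, as an archive listing might present them.
# Illustrative inputs only; they are not taken from any real archive.
SAMPLE_ENTRIES = [
    "docs/readme.txt",            # ordinary relative path
    "images/../notes.txt",        # '..' that still resolves inside the root
    "../../etc/hosts",            # classic traversal out of the root
    "/data/local/tmp/file.txt",   # absolute path
    "..\\..\\sdcard\\file.txt",   # backslash separators hiding '..'
    "a/../../b",                  # resolves to the parent of the root
]


def is_safe_entry(root: str, entry_name: str) -> bool:
    """Return True only if extracting entry_name under root cannot escape root.

    The check is purely lexical (no filesystem access), so the verdict does not
    depend on symlinks or files that already exist on the device.
    """
    if not entry_name or "\x00" in entry_name:
        return False
    # Treat backslashes as separators so '..\\' is not smuggled past the test.
    name = entry_name.replace("\\", "/")
    # Absolute paths and drive-letter forms never belong in an archive entry.
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return False
    root_abs = os.path.abspath(root)
    target = os.path.normpath(os.path.join(root_abs, name))
    # Compare with a trailing separator so '/out2' is not accepted for root '/out'.
    return target == root_abs or target.startswith(root_abs + os.sep)


def partition_entries(root: str, entries):
    """Split entries into those safe to extract under root and those to reject."""
    safe, rejected = [], []
    for entry in entries:
        (safe if is_safe_entry(root, entry) else rejected).append(entry)
    return safe, rejected


if __name__ == "__main__":
    ok, bad = partition_entries("/tmp/extract", SAMPLE_ENTRIES)
    print("safe:", ok)
    print("rejected:", bad)
```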

💻 Affected Systems

Products:
  • Rarlab RAR App for Android
Versions: Up to and including version 7.11 Build 127
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android version of RAR app. WinRAR and Unix RAR versions are NOT affected per vendor statement.

⚠️ Risk & Real-World Impact

🔴 Worst Case: A remote attacker gains full control of the Android device, accesses sensitive files, or installs malware through arbitrary file writes.

🟠 Likely Case: Exfiltration of user files or limited file-system manipulation, constrained by Android sandboxing and the complexity of the exploit.

🟢 If Mitigated: No impact once the patched version is installed or the app is removed from vulnerable devices.

🌐 Internet-Facing: MEDIUM - Attack can be launched remotely but exploit complexity is high and requires user interaction.
🏢 Internal Only: LOW - Primarily affects mobile devices that typically don't serve internal network functions.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

An exploit has been publicly disclosed but requires a complex attack chain. Remote exploitation is possible but difficult.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.20 build 128

Vendor Advisory: https://www.rarlab.com/rarnew.htm

Restart Required: No

Instructions:

1. Open the Google Play Store on the Android device.
2. Search for 'RAR'.
3. If an update is available, tap 'Update'.
4. Verify that the installed version is 7.20 build 128 or higher.

🔧 Temporary Workarounds

Uninstall vulnerable app (Android)

Remove the RAR app from Android devices until the patched version can be installed.

Settings > Apps > RAR > Uninstall

Restrict app permissions (Android)

Limit the RAR app's access to storage and files.

Settings > Apps > RAR > Permissions > Deny Storage access

🧯 If You Can't Patch

  • Remove RAR app from all Android devices and use alternative archive tools
  • Implement mobile device management (MDM) policies to block RAR app installation

🔍 How to Verify

Check if Vulnerable:

Check RAR app version in Android Settings > Apps > RAR > App info

Check Version:

Not applicable - check via Android UI or app info

Verify Fix Applied:

Confirm version is 7.20 build 128 or higher in app settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from RAR app
  • Multiple failed file operations

Network Indicators:

  • Suspicious network traffic from RAR app to external IPs

SIEM Query:

source="android_device" app="com.rarlab.rar" (event="file_access" OR event="permission_violation")
