CVE-2025-14111
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected component. The vendor responded very professional: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-05
Last Modified
2026-04-29
Generated
2026-05-09
AI Q&A
2025-12-06
EPSS Evaluated
2026-05-08
NVD
CVE-2025-14111
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
rarlab rar to 7.11 (inc)
google android *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a path traversal issue in the Rarlab RAR App for Android up to version 7.11 Build 127. It allows an attacker to manipulate file paths remotely, potentially accessing files outside the intended directories. The attack is complex and difficult to exploit, but the exploit has been publicly disclosed. The issue affects only the Android version of RAR, not WinRAR or Unix RAR versions. Upgrading to version 7.20 Build 128 mitigates the vulnerability.


How can this vulnerability impact me? :

If exploited, this vulnerability could allow a remote attacker to perform path traversal attacks, potentially accessing or manipulating files outside the intended scope of the application on an Android device. This could lead to unauthorized access to sensitive data or system files. However, the attack is highly complex and difficult to execute. Upgrading to version 7.20 Build 128 prevents this issue.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade RAR for Android to version 7.20 build 128 or later, as this version contains the fix for the path traversal issue.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart