CVE-2025-14111Path Traversal in RAR

CWE-22Path Traversal3 documents3 sources
Severity
2.3LOWNVD
EPSS
0.4%
top 38.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Rarlab RARRarlab RAR APP
Timeline
PublishedDec 5
Latest updateDec 6

Description

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected c

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDrarlab/rar7.11
CVEListV5rarlab/rar_app7.11 Build 127

🔴Vulnerability Details

2
GHSA
GHSA-446c-49cw-x44x: A security vulnerability has been detected in Rarlab RAR App up to 72025-12-06
CVEList
Rarlab RAR App com.rarlab.rar path traversal2025-12-05
CVE-2025-14111 — Path Traversal in Rarlab RAR | cvebase