CVE-2025-14111 | Rarlab RAR App up to 7.11 Build 127 on Android com.rarlab.rar path traversal
A vulnerability, which was classified as critical, was found in Rarlab RAR App up to 7.11 Build 127 on Android. It affects an unknown part of the component com.rarlab.rar, and manipulating it leads to path traversal.
This vulnerability is referenced as CVE-2025-14111. It is possible to launch the attack remotely. Furthermore, an exploit is available.
You should upgrade the affected component.
The vendor responded very professionally: “This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (…) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn’t affected.”