Which versions of Google are affected by CVE-2025-14111?

Organizations using Rarlab RAR App should be aware of moderate risk from CVE-2025-14111, a path traversal vulnerability rated CVSS 5.0. This could allow unauthorized file access.

Is there a public PoC exploit available for CVE-2025-14111?

Yes, a public proof-of-concept exploit is available for CVE-2025-14111. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-14111?

Within 30 days: Identify affected systems running Rarlab RAR App and apply vendor patches as part of regular patch cycle. Review file handling controls.

Google CVE-2025-14111

Q: What is the CVSS score of CVE-2025-14111?

CVE-2025-14111 has a CVSS 4.0 base score of 1.3 (Low). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.3%.

EUVD-2025-201506 LOW

Path Traversal (CWE-22)

2025-12-05 cna@vuldb.com

Path Traversal Google

1.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.3 LOW

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.0 (MEDIUM) 1.3 (LOW)

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201506

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Dec 12, 2025 - 12:45 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 23:15 nvd

MEDIUM 5.0

DescriptionCVE.org

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected component. The vendor responded very professional: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."

Analysis

CVE-2025-14111 vulnerability details – vuln.today

Back