CVE-2025-13876: Path Traversal in Rareprob HD Video Player All Formats App
A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-13876 is a path traversal vulnerability identified in the Rareprob HD Video Player All Formats App version 12.1.372 on Android devices. The vulnerability resides in an unspecified function within the component com.rocks.music.videoplayer, which improperly validates or sanitizes file path inputs. This flaw allows a local attacker with limited privileges (PR:L) to manipulate file paths to access or potentially modify files outside the intended directories. The attack vector is local (AV:L), meaning the attacker must have physical or logical access to the device, but no user interaction (UI:N) is required once access is obtained. The vulnerability impacts confidentiality, integrity, and availability at a low level (VC:L, VI:L, VA:L), indicating limited but non-negligible consequences. The CVSS 4.0 base score is 4.8 (medium severity), reflecting the moderate risk posed by the vulnerability. The vendor was contacted early but did not respond or provide a patch, and no official remediation is currently available. Although no known exploits are reported in the wild, the public disclosure of the vulnerability increases the risk of exploitation by attackers with local access. The vulnerability could be leveraged to access sensitive files or disrupt app functionality, potentially leading to data leakage or corruption on affected devices. Given the app’s presence on Android devices, the threat primarily targets mobile environments where the app is installed. Organizations using this app on corporate or personal devices may be exposed to this risk, especially if devices are shared or accessible by multiple users.
Potential Impact
For European organizations, the impact of CVE-2025-13876 centers on the potential unauthorized local access to sensitive files or data within the Rareprob HD Video Player app environment. This could lead to confidentiality breaches if private media or configuration files are accessed, or integrity issues if files are modified maliciously. Although the attack requires local access, compromised or shared devices in corporate environments increase the risk. The vulnerability may also be exploited to disrupt media playback or app stability, affecting availability. Organizations with mobile workforces relying on Android devices, especially those that allow installation of third-party apps like Rareprob HD Video Player, are at risk. Data protection regulations such as GDPR heighten the consequences of any data leakage. The lack of vendor response and patch availability prolongs exposure. The threat is more pronounced in sectors with high mobile device usage, such as finance, healthcare, and government, where sensitive data may be stored or accessed via mobile apps.
Mitigation Recommendations
1. Restrict local device access: Enforce strong device access controls such as biometric authentication, PINs, or passwords to prevent unauthorized local access.
2. Limit app installation: Use mobile device management (MDM) solutions to restrict installation of unapproved or vulnerable apps like Rareprob HD Video Player.
3. Monitor device usage: Implement monitoring to detect unusual file access or app behavior indicative of exploitation attempts.
4. Educate users: Train employees on risks of installing untrusted apps and the importance of device security.
5. Isolate sensitive data: Avoid storing sensitive or corporate data within apps that have known vulnerabilities.
6. Apply updates promptly: Monitor vendor communications for patches or updates and apply them immediately once available.
7. Consider app alternatives: Evaluate replacing Rareprob HD Video Player with more secure, actively maintained video players.
8. Conduct regular security assessments on mobile devices to identify and remediate vulnerabilities proactively.
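Added example (not part of the original advisory or any vendor code): a fleet inventory check supporting recommendations 2 and 7, which parses per-device `adb shell dumpsys package` output and flags the build named in this advisory. It assumes the component string com.rocks.music.videoplayer is the Android package id; the device names, sample dumps and version 12.2.0 are constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Identifiers from the advisory. Treating the component string as the
# Android package id is an assumption.
PACKAGE = "com.rocks.music.videoplayer"
AFFECTED_VERSION = "12.1.372"

# Constructed samples of trimmed `adb shell dumpsys package <pkg>` output.
SAMPLE_DUMPS = {
    "device-a": (
        "Packages:\n"
        "  Package [com.rocks.music.videoplayer] (1a2b3c4):\n"
        "    versionCode=372 minSdk=23 targetSdk=34\n"
        "    versionName=12.1.372\n"
    ),
    "device-b": (
        "Packages:\n"
        "  Package [com.rocks.music.videoplayer] (5d6e7f8):\n"
        "    versionCode=380 minSdk=23 targetSdk=34\n"
        "    versionName=12.2.0\n"
    ),
    "device-c": "Packages:\n",  # constructed: package block absent
}

def classify(dump: str) -> Tuple[str, Optional[str]]:
    """Return (status, versionName) for one device's dumpsys output."""
    header = re.search(r"^\s*Package \[" + re.escape(PACKAGE) + r"\]", dump, re.M)
    if not header:
        return ("not-installed", None)
    # Read versionName only from the text after this package's header.
    m = re.search(r"^\s*versionName=(\S+)", dump[header.end():], re.M)
    version = m.group(1) if m else None
    if version == AFFECTED_VERSION:
        return ("affected", version)
    # The advisory names no fixed release, so any other installed version
    # is queued for review rather than treated as safe.
    return ("review", version)

def audit(dumps: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Classify every device in a {device: dumpsys text} mapping."""
    return {dev: classify(text) for dev, text in dumps.items()}

if __name__ == "__main__":
    for dev, (status, ver) in sorted(audit(SAMPLE_DUMPS).items()):
        print(f"{dev}: {status} ({ver or 'n/a'})")
```

Devices reported as "affected" or "review" are candidates for removal or replacement of the app through MDM policy, since no patched release is identified.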
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-02T09:37:49.522Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 692f01f216d939a309b5f1f1
Added to database: 12/2/2025, 3:12:50 PM
Last enriched: 12/2/2025, 3:13:12 PM
Last updated: 12/2/2025, 4:24:39 PM