CVE-2025-14111 is a path traversal vulnerability identified in the Rarlab RAR App for Android, specifically affecting versions up to 7.11 Build 127. The vulnerability resides in the component com.rarlab.rar, allowing an attacker to manipulate file paths during archive extraction or file handling processes. This manipulation can lead to unauthorized access or overwriting of files outside the intended directory structure on the device's filesystem. The attack vector is remote, but exploitation is complex, requiring user interaction and no privileges, which limits the attack surface. The vulnerability does not impact the desktop versions of WinRAR or Unix RAR, as confirmed by the vendor. The vendor responded promptly by releasing a patched version 7.20 Build 128 that addresses the issue. The CVSS 4.0 base score is 2.3, reflecting a low severity due to the high complexity of exploitation, the need for user interaction, and limited confidentiality, integrity, and availability impacts. No public exploits are known to be actively used in the wild, reducing immediate risk. However, the public disclosure means attackers could develop exploits in the future. The vulnerability highlights the importance of secure file path handling in mobile archive applications to prevent unauthorized file system access.

For European organizations, the impact of CVE-2025-14111 is relatively low but should not be ignored. The vulnerability could allow attackers to access or overwrite sensitive files on Android devices running the vulnerable RAR App, potentially leading to data leakage or local device compromise. This risk is heightened in environments where Android devices are used to handle sensitive corporate data or where the RAR App is widely deployed. Although exploitation is complex and requires user interaction, targeted phishing or social engineering campaigns could leverage this vulnerability to gain unauthorized access to files. The low CVSS score indicates limited impact on core confidentiality, integrity, and availability, but the potential for lateral movement or data exposure exists if combined with other vulnerabilities or poor device security. European organizations with mobile workforces or BYOD policies should be aware of this risk and ensure affected devices are updated. The fact that WinRAR desktop versions are unaffected reduces the threat to traditional enterprise desktop environments.

European organizations should take the following specific mitigation steps: 1) Immediately update all instances of the Rarlab RAR App on Android devices to version 7.20 Build 128 or later to apply the official patch. 2) Implement mobile device management (MDM) policies to enforce app updates and restrict installation of outdated or untrusted applications. 3) Educate users about the risks of opening untrusted archive files, especially from unknown sources, to reduce the likelihood of user interaction enabling exploitation. 4) Monitor Android devices for unusual file system activity that could indicate exploitation attempts. 5) Restrict sensitive data storage on mobile devices or use encrypted containers to limit exposure in case of local file access. 6) Review and tighten permissions granted to the RAR App, minimizing its access to critical directories where possible. 7) Maintain an inventory of mobile applications in use to quickly identify and remediate vulnerable versions. These steps go beyond generic advice by focusing on mobile-specific controls and user awareness tailored to this vulnerability's characteristics.