Denial of Service Vulnerability in RAR Decoding Library by Nwaples
CVE-2025-11579

5.3MEDIUM

Key Information:

Vendor: Nwaples
Status: Rardecode
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-11579?

The RAR decoding library by Nwaples has a vulnerability that allows an attacker to exploit it by submitting a specially crafted RAR file. The flaw arises from the lack of restrictions on the dictionary size during the decoding process, which can lead to an Out Of Memory Crash. This results in a Denial of Service condition, making the affected applications unable to process further requests effectively. Users of rardecode are advised to upgrade to a fixed version to mitigate this risk.

Affected Version(s)

rardecode 2.0.1 <= 2.1.1

rardecode 2.2.0

References

https://github.com/nwaples/rardecode/commit/52fb4e825c936...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Oct 10, 2025

Credit

Juho Forsén

JSON