CVE-2025-13876 Overview
A path traversal vulnerability has been identified in Rareprob HD Video Player All Formats App version 12.1.372 on Android. The vulnerability exists within an unknown function of the com.rocks.music.videoplayer component. Through improper input validation, an attacker can manipulate file paths to access or overwrite arbitrary files on the device, potentially leading to arbitrary file overwrite conditions.
Critical Impact
This path traversal vulnerability (CWE-22) allows local attackers to manipulate file paths within the HD Video Player application, potentially enabling arbitrary file access or overwrite on Android devices. The exploit has been publicly disclosed.
Affected Products
- Rareprob HD Video Player All Formats App 12.1.372 on Android
- Component: com.rocks.music.videoplayer
Discovery Timeline
- 2025-12-02 - CVE-2025-13876 published to NVD
- 2025-12-02 - Last updated in NVD database
Technical Details for CVE-2025-13876
Vulnerability Analysis
This vulnerability is classified as a Path Traversal (CWE-22) issue affecting the Rareprob HD Video Player All Formats App on Android devices. The vulnerability resides in the com.rocks.music.videoplayer component and allows attackers to traverse directory structures by manipulating file path inputs.
The CVSS 4.0 score is 4.8 (MEDIUM) with the following vector string:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Key metrics indicate:
- Attack Vector: Local - requires local access to the device
- Attack Complexity: Low - no special conditions required
- Privileges Required: Low - basic user privileges needed
- User Interaction: None - exploitation does not require user action
- Impact: Low confidentiality, integrity, and availability impact
The EPSS (Exploit Prediction Scoring System) probability is 0.016% with a percentile of 2.76, indicating a relatively low likelihood of active exploitation in the wild.
Root Cause
The root cause of this vulnerability is improper input validation in the file handling routines of the com.rocks.music.videoplayer component. The application fails to properly sanitize user-supplied file path inputs, allowing path traversal sequences (such as ../) to escape the intended directory structure. This enables attackers to access or manipulate files outside the application's designated storage directories.
Attack Vector
The attack requires local access to an Android device with the vulnerable HD Video Player application installed. An attacker with low-level privileges on the device can craft malicious file path inputs containing directory traversal sequences. When these paths are processed by the vulnerable component, the application may read from or write to arbitrary locations on the file system, subject to the application's Android permissions.
The vulnerability manifests in the file handling functionality of the video player application. The exploitation technique involves injecting path traversal sequences to escape the application's sandbox and access or overwrite files in other locations. Technical details of the exploitation method are documented in the security advisory on GitHub.
Detection Methods for CVE-2025-13876
Indicators of Compromise
- Unexpected file modifications or creations outside the HD Video Player's designated directories
- Log entries showing file access attempts with ../ or similar traversal sequences
- Unusual file system activity originating from the com.rocks.music.videoplayer process
- Modified or corrupted application data files on the device
Detection Strategies
Application Monitoring:
Organizations deploying Android devices with this application should implement mobile device management (MDM) solutions that can monitor for suspicious file system activities. Monitor for any file access patterns that indicate directory traversal attempts.
SentinelOne Mobile Threat Defense:
SentinelOne's Mobile Threat Defense capabilities can detect and prevent exploitation attempts by monitoring application behavior and file system access patterns. The platform's behavioral analysis engine can identify suspicious file path manipulations indicative of path traversal attacks.
Log Analysis:
Review Android system logs for entries related to the com.rocks.music.videoplayer package that show file access outside normal operational directories.
Monitoring Recommendations
- Deploy endpoint detection and response (EDR) solutions on mobile devices
- Enable detailed file system auditing where supported
- Monitor for applications attempting to access sensitive system files
- Implement application whitelisting policies to control which applications can be installed
- Use SentinelOne Singularity Mobile to gain visibility into mobile application threats
How to Mitigate CVE-2025-13876
Immediate Actions Required
- Uninstall Rareprob HD Video Player All Formats App version 12.1.372 until a patched version is available
- Use alternative video player applications from trusted vendors with better security practices
- Implement mobile application management (MAM) policies to prevent installation of vulnerable applications
- Review file system integrity on devices where this application was installed
- Deploy SentinelOne Mobile Threat Defense to protect against exploitation attempts
Patch Information
Vendor Response: The vendor (Rareprob) was contacted early about this disclosure but did not respond in any way. As of the last update on 2025-12-02, no official patch has been released.
Recommended Action: Due to the lack of vendor response and absence of a patch, users are strongly advised to uninstall this application and seek alternative video player software.
For additional technical details, consult the following resources:
Workarounds
In the absence of an official patch, the following workarounds can help reduce risk:
Application Removal: The most effective workaround is to completely uninstall the vulnerable application from all devices in your environment.
Application Isolation: If the application must be used temporarily, employ Android work profiles or container solutions to isolate it from sensitive data.
File System Monitoring: Implement monitoring solutions to detect any unauthorized file access or modification attempts originating from the application.
Access Controls: Limit the application's storage permissions through Android's permission management system where possible. Review and restrict any unnecessary permissions granted to the application.
Network Segmentation: Ensure devices running this application are segmented from sensitive network resources to limit potential lateral movement if the vulnerability is exploited.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
