CVE-2025-11579: Unauthorized access and subscription vulnerability in Boards
Published Oct 10, 2025
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.
Affected Software
4 affected components (fixes available)
nwaples rardecode: <=2.1.1
go/github.com/nwaples/rardecode/v2: <2.2.0 (fixed in 2.2.0)
nwaples Rardecode Go: <=2.1.1
IBM Concert Software: <=1.0.0-2.2.0
Remediation
Update to github.com/nwaples/rardecode v2.2.0 or higher
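An added example (not code from the advisory or from the rardecode project): a Go check that flags go.mod requirements falling inside the affected range stated above. Treating every release on the pre-v2 module path as affected is an assumption drawn from the "<=2.1.1" range, and replace directives are not evaluated.

```go
package main

import (
	"fmt"
	"strings"
)

// Module paths as named in the advisory above.
const (
	modV1 = "github.com/nwaples/rardecode"
	modV2 = "github.com/nwaples/rardecode/v2"
)

// belowFix reports whether a version is lower than 2.2.0. Pre-release and
// build suffixes are dropped; versions that do not parse count as affected.
func belowFix(ver string) bool {
	ver = strings.TrimPrefix(ver, "v")
	if i := strings.IndexAny(ver, "-+"); i >= 0 {
		ver = ver[:i]
	}
	var major, minor, patch int
	if n, err := fmt.Sscanf(ver, "%d.%d.%d", &major, &minor, &patch); n != 3 || err != nil {
		return true
	}
	return major < 2 || (major == 2 && minor < 2)
}

// AffectedRequirements returns "path version" for each rardecode requirement
// in the given go.mod text that is inside the advisory's affected range.
func AffectedRequirements(gomod string) []string {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i] // drop "// indirect" and other comments
		}
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 || (f[0] != modV1 && f[0] != modV2) {
			continue
		}
		// Assumption: the pre-v2 path only carries 1.x releases, all <=2.1.1.
		if f[0] == modV1 || belowFix(f[1]) {
			hits = append(hits, f[0]+" "+f[1])
		}
	}
	return hits
}

func main() {
	// Constructed one-line go.mod fragment, not taken from a real project.
	fmt.Println(AffectedRequirements("require github.com/nwaples/rardecode/v2 v2.1.1\n"))
}
```
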
Event History
Oct 10, 2025
CVE Published via MITRE · 11:15 AM
Data Sourced via MITRE · 11:15 AM: Remedy, Description, Severity, Weakness
Data Sourced via NVD · 12:15 PM: Description, Severity, Weakness
Data Sourced via NVD · 12:15 PM: Remedy, Affected Software
Advisory Published via GitHub · 12:30 PM
Data Sourced via GitHub · 12:30 PM: Description, Severity, Weakness, Affected Software
Mar 23, 2026
Data Sourced via IBM · 12:00 AM: Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-11579?
CVE-2025-11579 is categorized as a Denial of Service vulnerability due to Out Of Memory crashes.
2. How do I fix CVE-2025-11579?
To mitigate CVE-2025-11579, upgrade to a version of nwaples rardecode that is greater than 2.1.1.
3. What versions of nwaples rardecode are affected by CVE-2025-11579?
CVE-2025-11579 affects nwaples rardecode versions up to and including 2.1.1.
4. What type of attack does CVE-2025-11579 enable?
CVE-2025-11579 allows attackers to crash the system via specially crafted RAR files.
5. What is the impact of exploiting CVE-2025-11579?
Exploitation of CVE-2025-11579 can lead to a Denial of Service condition, making the application unusable.