CVE-2024-25466

HIGH

React Native Document Picker <9.1.1 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-25466. PoCs published by FixedOctocat.

AI-analyzed exploit summary This repository contains a detailed writeup for CVE-2024-25466, a directory traversal vulnerability in React Native Document Picker before v9.1.1. The vulnerability allows local attackers to execute arbitrary code via a crafted script in the Android library component.

Description

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.

Exploits (1)

nomisec WRITEUP
by FixedOctocat · poc
https://github.com/FixedOctocat/CVE-2024-25466

This repository contains a detailed writeup for CVE-2024-25466, a directory traversal vulnerability in React Native Document Picker before v9.1.1. The vulnerability allows local attackers to execute arbitrary code via a crafted script in the Android library component.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: react-native-document-picker android library <9.1.1
No auth needed
Prerequisites: Local access to the device · User interaction to pick a malicious file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0104
EPSS Percentile 77.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-26
Status published
Products (2)
npm/react-native-document-picker 9.0.0 - 9.1.1npm
react-native-documents/document_picker < 9.1.1
Published Feb 16, 2024
Tracked Since Feb 18, 2026