CVE-2025-6218

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.12

Description WinRAR contains a directory traversal vulnerability that could allow a remote attacker to execute arbitrary code. The vulnerability occurs due to improper handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories, potentially including system folders like Startup, leading to automatic execution of malicious code in the context of the current user. Exploitation requires user interaction, such as opening a malicious file or visiting a malicious page. The vulnerability has been exploited in targeted attacks by the Paper Werewolf group against Russian organizations, utilizing both CVE-2025-6218 and a zero-day exploit. The vulnerability is relatively easy to exploit and has a publicly available exploit. Approximately 500 million users worldwide are potentially affected. The vulnerability allows attackers to manipulate archive paths, potentially writing to protected system folders.

Recommendations Update WinRAR to version 7.12 or later.