CVE-2025-6218

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.12

Description WinRAR contains a directory traversal vulnerability (CVE-2025-6218) that allows remote attackers to execute arbitrary code. This occurs when opening a specially crafted archive file. User interaction is required, as the target must open a malicious file or visit a malicious page. The vulnerability allows an attacker to traverse to unintended directories, potentially executing code in the context of the current user. Multiple threat groups, including Paper Werewolf (GOFFEE), Bitter, and Gamaredon, are actively exploiting this flaw. The vulnerability has been observed in attacks targeting organizations in Russia and Ukraine. Exploits leverage the vulnerability to deploy malware, steal data, and establish persistent access. The vulnerability is actively exploited and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

Recommendations Update WinRAR to version 7.12 or later.