CVE-2025-6218

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.12.

Description WinRAR contains a directory traversal vulnerability (CVE-2025-6218) that allows remote attackers to execute arbitrary code. This occurs when opening a specially crafted archive file. The vulnerability is actively exploited by multiple threat actors, including APT groups like Paper Werewolf, Bitter, and Gamaredon. Attackers can leverage this flaw to execute code in the context of the current user. The vulnerability has been observed in attacks targeting various regions, including Russia, Ukraine, and others. Exploitation involves manipulating file paths within the archive to write files outside the intended directory, potentially leading to the execution of malicious code. The vulnerability is actively exploited in the wild, with threat actors utilizing it in phishing campaigns and deploying malware.

Recommendations Update WinRAR to version 7.12 or later.