CVE-2025-6218

Name of the Vulnerable Software and Affected Versions WinRAR versions 7.11 and earlier

Description WinRAR contains a directory traversal vulnerability that allows remote attackers to execute arbitrary code on affected systems. User interaction is required, such as opening a malicious file or visiting a malicious page. The vulnerability stems from improper handling of file paths within archive files, enabling crafted file paths to traverse to unintended directories. Exploitation can lead to code execution in the context of the current user. Approximately 500 million users worldwide are potentially affected. The vulnerability, tracked as CVE-2025-6218, was discovered by whs3-detonator and reported through the Zero Day Initiative. The Paper Werewolf threat group has been observed exploiting this vulnerability in targeted attacks against organizations in Russia. The vulnerability allows attackers to manipulate archive paths, potentially writing to protected system folders.

Recommendations Update to WinRAR version 7.12 beta 1 or later.