CVE-2025-6218

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.12

Description WinRAR contains a directory traversal vulnerability that allows remote attackers to execute arbitrary code. The vulnerability stems from improper handling of file paths within archive files, enabling a crafted file path to traverse to unintended directories, potentially including system folders. Exploitation requires user interaction, such as opening a malicious file or visiting a malicious page. Attackers can leverage this flaw to execute code in the context of the current user. The vulnerability has been actively exploited by threat actors, including the Paper Werewolf group targeting Russian organizations and the Gamaredon APT group in attacks against Ukrainian targets. A zero-day exploit was also reportedly sold on the dark web. The vulnerability allows attackers to manipulate archive paths, potentially writing to protected system folders. Approximately 500 million users worldwide may be affected.

Recommendations Update WinRAR to version 7.12 or later.