CVE-2025-6218

Name of the Vulnerable Software and Affected Versions RARLAB WinRAR versions prior to 7.12

Description A directory traversal flaw exists in the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories, such as system folders like Startup, allowing remote attackers to execute arbitrary code in the context of the current user. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. This issue has been actively exploited by threat groups including Gamaredon, APT-C-08 (Manlinghua), GOFFEE, and Bitter, sometimes in conjunction with steganography to hide payloads within images or by replacing legitimate templates to create backdoors.

Recommendations Update to version 7.12 or later.