PT-2025-26225 · Winrar · Winrar

Marcin Bobryk · Published 2025-06-19 · Updated 2026-06-23 · CVE-2025-6218

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RARLAB WinRAR versions prior to 7.12

Description

A directory traversal flaw exists in the handling of file paths within archive files. This issue allows remote attackers to execute arbitrary code in the context of the current user if a target opens a specially crafted malicious file or visits a malicious page. The flaw enables the extraction process to traverse to unintended directories, including sensitive system folders such as Startup, which can lead to the automatic execution of malicious code. This issue has been actively exploited in the wild by threat groups including APT-C-08 (Manlinghua), GOFFEE, and Bitter, and has been used in campaigns to deploy QuasarRAT malware.

Recommendations

Update to version 7.12 or later.
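
Added example (not part of the original advisory and not WinRAR's fix): a defender-side audit that resolves each archive entry name under Windows path rules and reports entries that would land outside the chosen extraction folder, flagging those that reach a Startup folder as described above. The function names, the Startup path marker and the sample listing are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed marker for the per-user and all-users Startup folders.
STARTUP_MARKER = ntpath.normcase("\\Start Menu\\Programs\\Startup\\")


def resolve_entry(dest, entry_name):
    """Absolute Windows path an extractor would write this entry to."""
    # An absolute or drive-qualified entry name replaces dest in ntpath.join.
    return ntpath.normpath(ntpath.join(dest, entry_name.replace("/", "\\")))


def audit_entry(dest, entry_name):
    """Return 'ok', 'escapes' or 'startup' for one archive entry name."""
    root = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(resolve_entry(dest, entry_name))
    try:
        # commonpath compares whole components, so "out2" is not inside "out".
        contained = ntpath.commonpath([root, target]) == root
    except ValueError:  # different drives, or absolute mixed with relative
        contained = False
    if contained:
        return "ok"
    return "startup" if STARTUP_MARKER in target else "escapes"


def audit_listing(dest, entry_names):
    """Map every entry that leaves dest to (verdict, resolved path)."""
    findings = {}
    for name in entry_names:
        verdict = audit_entry(dest, name)
        if verdict != "ok":
            findings[name] = (verdict, resolve_entry(dest, name))
    return findings


# Constructed sample listing, not taken from any real archive.
SAMPLE_DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "docs/../a.txt",
    "../notes.txt",
    r"..\out2\a.txt",
    r"D:\tmp\x.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\example.txt",
]

if __name__ == "__main__":
    for name, (verdict, path) in audit_listing(SAMPLE_DEST, SAMPLE_ENTRIES).items():
        print(f"{verdict:8} {name!r} -> {path}")
```
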

Exploit · Fix · RCE · Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-07480
CVE-2025-6218
ZDI-25-409

Affected Products

Winrar