CVE-2025-6218

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.12

Description WinRAR contains a directory traversal vulnerability that allows remote attackers to execute arbitrary code. User interaction is required, as the target must open a malicious file. The vulnerability stems from improper handling of file paths within archive files, enabling an attacker to traverse to unintended directories and execute code in the context of the current user. Multiple threat groups, including Paper Werewolf, Bitter, and Gamaredon, are actively exploiting this flaw. Attackers are leveraging this vulnerability through phishing campaigns and by embedding malicious files within archives. The vulnerability is actively exploited and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The vulnerability allows attackers to manipulate archive paths, potentially writing to protected system folders. The vulnerability is associated with CVE-2025-6218 and ZDI-CAN-27198.

Recommendations Update WinRAR to version 7.12 or later.