PT-2025-26225 · Winrar · Winrar
Marcin Bobryk · Published 2025-06-19 · Updated 2026-03-10 · CVE-2025-6218
CVSS v3.1: 7.8 High (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
WinRAR versions prior to 7.12
Description
WinRAR contains a directory traversal vulnerability (CVE-2025-6218) that allows remote attackers to execute arbitrary code. User interaction is required: the target must open a malicious file. The vulnerability stems from improper handling of file paths within archive files, which lets crafted paths traverse to unintended directories. Observed exploits manipulate paths within archives to write files to system directories, potentially leading to code execution. Multiple threat groups, including Paper Werewolf (GOFFEE), Bitter, and Gamaredon, are actively exploiting this flaw in attacks targeting various regions, including Russia, Ukraine, and Israel. It has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Recommendations
Update WinRAR to version 7.12 or later.
Exploit · Fix · RCE · Path traversal
Affected Products
Winrar