CVE-2025-6218

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.12

Description WinRAR contains a directory traversal vulnerability that allows remote attackers to execute arbitrary code on affected systems. User interaction is required, as the target must open a malicious file. The flaw resides in how WinRAR handles file paths within archive files, allowing a crafted path to traverse to unintended directories, potentially including system folders like Startup. Exploitation can lead to the automatic execution of malicious code in the context of the current user. This vulnerability has been exploited in targeted attacks, including those attributed to the Paper Werewolf group against Russian organizations. A proof-of-concept exploit is publicly available and has been observed for sale on dark web forums. The vulnerability allows manipulation of archive paths, potentially enabling writing to protected system folders.

Recommendations Update WinRAR to version 7.12 or later.