CVE-2025-6218

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.12

Description WinRAR contains a directory traversal vulnerability that allows remote attackers to execute arbitrary code. User interaction is required, as the attacker needs the victim to open a malicious file. The vulnerability stems from improper handling of file paths within archive files, enabling crafted paths to traverse to unintended directories. This allows an attacker to execute code in the context of the current user. This vulnerability is actively exploited by multiple threat groups, including APT-C-08 (Manlinghua), Gamaredon, Bitter, and Paper Werewolf. Exploits leverage the vulnerability through malicious RAR files, sometimes employing steganography to conceal payloads. The vulnerability has been assigned CVE-2025-6218 and was initially identified as ZDI-CAN-27198. The flaw affects Windows systems.

Recommendations Update WinRAR to version 7.12 or later.