CVE-2025-6218

moderate-risk
Published 2025-06-21

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.

Do I need to act?

~
4.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Rarlab

References (5)

Release Notes https://www.win-rar.com/singlenewsview.html?&tx_ttnews%5Btt_news%5D=276&cHash=38...
Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-25-409/
Exploit https://foresiet.com/blog/apt-c-08-winrar-directory-traversal-exploit/
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
Exploit https://www.secpod.com/blog/archive-terror-dissecting-the-winrar-cve-2025-6218-e...
44
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 15/34 · Moderate
Exposure 5/34 · Minimal