CVE-2025-6218
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
| CWE | CWE-22 |
| Vendor | rarlab |
| Product | winrar |
| Published | Jun 21, 2025 |
| Last Updated | Feb 26, 2026 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for rarlab winrar
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-6218.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Versions
RARLAB / WinRAR
7.11 (64-bit)
References
zerodayinitiative.com: https://www.zerodayinitiative.com/advisories/ZDI-25-409/ win-rar.com: https://www.win-rar.com/singlenewsview.html?&tx_ttnews%5Btt_news%5D=276&cHash=388885bd3908a40726f535c026f94eb6 secpod.com: https://www.secpod.com/blog/archive-terror-dissecting-the-winrar-cve-2025-6218-exploit-apt-c-08s-stealth-move/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6218 foresiet.com: https://foresiet.com/blog/apt-c-08-winrar-directory-traversal-exploit/