AI description
CVE-2025-6218 is a directory traversal remote code execution vulnerability that affects RARLAB WinRAR. It allows remote attackers to execute arbitrary code on affected installations. Exploitation of this vulnerability requires user interaction, as the target must visit a malicious page or open a malicious file. The vulnerability lies in how WinRAR handles file paths within archive files, where a specially crafted file path can cause the process to traverse to unintended directories. By leveraging this vulnerability, an attacker can execute code within the security context of the current user.
- Description
- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Analyzed
- Products
- winrar
CVSS 3.0
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- RARLAB WinRAR Path Traversal Vulnerability
- Exploit added on
- Dec 9, 2025
- Exploit action due
- Dec 30, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- zdi-disclosures@trendmicro.com
- CWE-22
- Hype score
- Not currently trending
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups WinRAR Vulnerability CVE-2025-6218: U.S. CISA warns of active exploitation, citing evidence of path traversal bug. CVSS score: 7.8. WinRAR users, take immediate action to patch and secure h
@HackonomicNews
13 Dec 2025
37 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨 Urgent warning! A critical WinRAR vulnerability (CVE-2025-6218) is actively being exploited by multiple threat groups. Update your software NOW to stay safe! #WinRAR #CyberAttack https://t.co/dVB2aqkNrw
@xcybersecnews
12 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns WinRAR CVE-2025-6218 is under active attack by multiple threat groups, requiring federal by Dec. 30, 2025.
@1cebi
12 Dec 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA WinRAR CVE-2025-6218 is under active attack by multiple threat groups, requiring federal fixes by Dec. 30, 2025.
@JackilynMegham
12 Dec 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ WinRAR's CVE-2025-6218 vulnerability is still lurking around despite a patch! Don't let your files take a detour into danger—update now! #WinRAR #CVE2025 #CyberSecurity https://t.co/3EquR4Vn7j
@windowsforum
11 Dec 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft's December finale patches 56 bugs across Windows—3 Critical, including Office preview pane RCEs (CVE-2025-62554/57). One zero-day (WinRAR path traversal CVE-2025-6218) already in the wild per CISA. Update stat! https://t.co/3rlacTmYyg #MicrosoftPatch #ZeroDay
@ImperialTechSvc
11 Dec 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CISA Flags WinRAR Path Traversal (CVE-2025-6218) CVE-2025-6218 is a WinRAR path traversal vulnerabi
@0x534c
11 Dec 2025
2149 Impressions
6 Retweets
39 Likes
17 Bookmarks
1 Reply
0 Quotes
Multiple groups are exploiting WinRAR vulnerability CVE-2025-6218 https://t.co/QVjkF0vrS8 #Security #セキュリティー #ニュース
@SecureShield_
11 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups https://t.co/UMDZURGQZC via @TheHackersNews
@DaisiCarol88
10 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ITSecurity CVE-2025-6218 RARLAB WinRAR Path Traversal Vulnerability https://t.co/WHHLbNgIcf
@seaarepea
10 Dec 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds critical WinRAR flaw to the KEV catalog: The vulnerability CVE-2025-6218 allows remote code execution via path traversal and is being exploited in phishing campaigns by groups such as GOFFEE, Bitter and Gamaredon, mainly affecting Windows. https://t
@caveiratech
10 Dec 2025
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups https://t.co/icrHlNgKgg
@buzz_sec
10 Dec 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-6218: RARLAB WinRAR Path Traversal Vulnerability has been added to the CISA KEV Catalog CVSS: 7.8 https://t.co/9idGUAIgzL
@DarkWebInformer
10 Dec 2025
4014 Impressions
3 Retweets
22 Likes
7 Bookmarks
1 Reply
0 Quotes
🛡️ We added RARLAB WinRAR path traversal vulnerability CVE-2025-6218 & Microsoft Windows use after free vulnerability CVE-2025-62221 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattack
@CISACyber
9 Dec 2025
5152 Impressions
27 Retweets
39 Likes
10 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness QuasarRAT Malware Campaign using CVE-2025-6218 | 02-12-2025 Source: https://t.co/rj9MBD5fui Key details below ↓ 💀Threats: Quasar_rat, Steganography_technique, Tinba, Kuaibu8, 🎯Victims: Coinme users 🏭Industry: Financial 🔓CVEs: ht
@rst_cloud
9 Dec 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'salary_staistics.rar' seen from Viet Nam @abuse_ch CVE-2025-6218 and CVE-2025-8088 exploit https://t.co/UHxOvLKO68 @skocherhan https://t.co/NEldvm0hEu
@smica83
7 Dec 2025
5199 Impressions
5 Retweets
36 Likes
14 Bookmarks
0 Replies
1 Quote
Gamaredon #IOCs Update (CVE-2025-6218) https://t.co/2Al0Hb0y1R https://t.co/kpxbQ7prUg
@blackorbird
3 Dec 2025
3380 Impressions
7 Retweets
31 Likes
13 Bookmarks
1 Reply
0 Quotes
Another #Gamaredon sample, seen from Ukraine. '1_11_2_1759_22.11.2025.rar' @abuse_ch CVE-2025-6218 and 8088 exploit. https://t.co/w4RthoDay9 @500mk500 https://t.co/MynufrbeC6
@smica83
25 Nov 2025
604 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
'7_7_1_1454_22.11.2025.rar' seen from Ukraine @abuse_ch CVE-2025-6218 and 8088 exploit. #Gamaredon https://t.co/KvKR5lcjYW @500mk500 @skocherhan https://t.co/bxEK7GFhMb
@smica83
24 Nov 2025
1100 Impressions
2 Retweets
16 Likes
2 Bookmarks
0 Replies
0 Quotes
'7_7_1_1454_22.11.2025.rar' seen from Ukraine @abuse_ch CVE-2025-6218 and 8088 exploit. https://t.co/KvKR5lcjYW @500mk500 @skocherhan https://t.co/mshvPAPX5W
@smica83
24 Nov 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This is a current #Gamaredon sample as CVE-2025-6218, 8088 from Ukraine @abuse_ch https://t.co/6aYiY4sspu @500mk500 @skocherhan https://t.co/GwfOFFI9Vb
@smica83
23 Nov 2025
600 Impressions
1 Retweet
7 Likes
2 Bookmarks
0 Replies
0 Quotes
'333.rar' seen from Russia and Tajikistan, as a CVE-2025-6218 and 8088 exploit @abuse_ch https://t.co/nCUbrtx2aU @500mk500 @skocherhan https://t.co/jRhcCYQXxO
@smica83
23 Nov 2025
1619 Impressions
1 Retweet
8 Likes
1 Bookmark
0 Replies
1 Quote
Top 5 Trending CVEs: 1 - CVE-2025-50165 2 - CVE-2025-6218 3 - CVE-2025-27591 4 - CVE-2025-4427 5 - CVE-2025-31161 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 Nov 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Daily #Gamaredon '8_3_7_1304_21.11.2025.rar' @abuse_ch https://t.co/mYkwyfvTbD CVE-2025-6218 and 8088 exploit https://t.co/RN4YkhaQme
@smica83
21 Nov 2025
1124 Impressions
4 Retweets
13 Likes
4 Bookmarks
1 Reply
0 Quotes
Another CVE-2025-6218 and 8088 exploit seen from Peru @abuse_ch https://t.co/FWWSXQdEzC https://t.co/qt3kyRmUdY
@smica83
21 Nov 2025
1133 Impressions
0 Retweets
19 Likes
8 Bookmarks
2 Replies
0 Quotes
CVE-2025-6218 and 8088 exploit from Russia @abuse_ch https://t.co/6V74DANGgV https://t.co/FBsNtrKdCM
@smica83
20 Nov 2025
40166 Impressions
28 Retweets
317 Likes
233 Bookmarks
2 Replies
1 Quote
RAR file with CVE-2025-6218 and 8088 exploit seen from Ukraine, with Slovakian government lure @abuse_ch https://t.co/4or1kSpait @skocherhan @500mk500 https://t.co/bagYpE14Vi
@smica83
18 Nov 2025
598 Impressions
2 Retweets
7 Likes
0 Bookmarks
0 Replies
1 Quote
'6_3_4_4265_17.11.2025.rar' is #Gamaredon, seen from Ukraine @abuse_ch https://t.co/5tDYyYeifU CVE-2025-6218 and 8088 @500mk500 https://t.co/AVKBAmWcbI
@smica83
18 Nov 2025
444 Impressions
2 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
'exploit.rar' seen from Russia @abuse_ch https://t.co/hlytx5AP9y CVE-2025-6218 and 8088 https://t.co/cLY3e22bgF
@smica83
16 Nov 2025
326 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
'Coinme2.rar' @abuse_ch https://t.co/nqmw94Jtaw CVE-2025-6218 and 8088 exploit https://t.co/l2CuCbYLEi
@smica83
16 Nov 2025
495 Impressions
3 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian APT group Primitive Bear (Gamaredon) is now actively exploiting the new WinRAR vulnerability CVE-2025-6218. The group uses spear-phishing with Ukrainian military/government lures and drops HTA loaders directly into the Windows Startup folder via path traversal. I analyzed
@Mr128BitSec
14 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'Urheber-Lisa.rar' seen from Austria @abuse_ch https://t.co/ZRNNytXpPZ CVE-2025-6218 and 8088 exploit https://t.co/wj5jrPMnNa
@smica83
13 Nov 2025
209 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Daily #Gamaredon sample @abuse_ch '2_1_1_7755_12.11.2025.rar' https://t.co/rthqarDDM7 Of course it's CVE-2025-6218 and 8088 exploit. @500mk500 https://t.co/FTBbxbH5f9
@smica83
13 Nov 2025
239 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
'2_1_1_7755_11.11.2025.rar' as a #Gamaredon sample again, seen from Ukraine today @abuse_ch https://t.co/vYyQdGTZtj CVE-2025-8088 CVE-2025-6218 @500mk500 https://t.co/PzRNOp6u6C
@smica83
12 Nov 2025
533 Impressions
3 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-8088 and CVE-2025-6218 'KrakenVM_2.rar' seen from Bosnia and Herzegovina @abuse_ch https://t.co/KYB1WSoLIw Looks like #AsyncRAT inside. https://t.co/hasA9JeDc7
@smica83
12 Nov 2025
237 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
A new path traversal vulnerability with the identifier CVE-2025-6218 has been published for Winrar. Winrar version 7.11 and earlier versions have this vulnerability. To secure your system, update
@EthicalSafe
11 Nov 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
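APT-C-08 (BITTER) exploits a WinRAR vulnerability to target South Asian government agencies. It is a serious situation in which infection spreads merely by extracting a RAR. APT-C-08 is a politically motivated South Asian cyber-espionage organization, and this time, for the first time, WinRAR's directory tra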
@yousukezan
11 Nov 2025
1221 Impressions
3 Retweets
8 Likes
2 Bookmarks
0 Replies
0 Quotes
Use "7z l -sns" to list any Alternate Data Streams (ADS) contained in a RAR file #Malware CVE-2025-6218 CVE-2025-8088 https://t.co/BPJFKLQSTp
@ochsenmeier
11 Nov 2025
3559 Impressions
8 Retweets
62 Likes
23 Bookmarks
1 Reply
0 Quotes
Still low detected one since August: 'portfolio.rar' seen from Poland @abuse_ch https://t.co/vP3d5KmWC0 CVE-2025-6218 CVE-2025-8088 @hasherezade https://t.co/CD6e2lSSSI
@smica83
11 Nov 2025
237 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6218 and CVE-2025-8088 exploit, named 'Resume.rar' seen from Pakistan @abuse_ch https://t.co/OGCdCdRCwe https://t.co/IaWvBRqNoj
@smica83
11 Nov 2025
217 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-6218 and CVE-2025-8088 continuously exploited by #Gamaredon in Ukraine. 3 samples from today: https://t.co/lELwXJOdfk https://t.co/D3EPYtWLiy https://t.co/9x6nMGB0i8 @500mk500 @Dixit_404 @skocherhan https://t.co/0U1IF5Pp6w
@smica83
11 Nov 2025
1494 Impressions
5 Retweets
18 Likes
7 Bookmarks
0 Replies
0 Quotes
Cybersecurity experts warn that the APT-C-08 group has launched its first attack using the WinRAR vulnerability CVE-2025-6218, highlighting the need for vigilance. #cybersecurity #APT #WinRAR https://t.co/YNLNoXPaBO
@Cyber_O51NT
11 Nov 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Alert! APT-C-08 (Manlinghua) group first used WinRAR vulnerability CVE-2025-6218 to carry out cyber attacks. | 07-11-2025 Source: https://t.co/4HCTfR7p0V Key details below ↓ 🧑💻Actors/Campaigns: Bitter 🔓CVEs: CVE-2025-6218 https://t.c
@rst_cloud
8 Nov 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#bitter Group used the WinRAR vulnerability CVE-2025-6218. When users decompress with a vulnerable WinRAR version, the special paths (constructed with ".. " spaces) in the compressed package release the malicious file Normal.dotm to https://t.co/3kUMljV3Ih
@blackorbird
7 Nov 2025
6917 Impressions
24 Retweets
75 Likes
40 Bookmarks
1 Reply
0 Quotes
⚠️ WinRAR 0day RCE exploit listed for $80K A threat actor named “zeroplayer” offered a WinRAR zero-day remote code-execution exploit on a dark web forum for $80k, targeting versions up to the latest release. This vulnerability is distinct from the earlier CVE-2025-6218
@ransomnews
9 Sept 2025
216 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
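WinRAR zero-day vulnerabilities CVE-2025-6218/8088: what actions should be taken, assuming post-exploitation? https://t.co/vArDGzDM0M This article carefully traces the moves that an attacker who has successfully exploited the WinRAR zero-days could make. Post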
@iototsecnews
8 Sept 2025
106 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6218 and CVE-2025-8088 are two critical zero-day vulnerabilities affecting WinRAR. Learn everything about them in our latest Issue. Read it now on ZINIO. https://t.co/KWAzT5ZNrm #cybersecurity #cybersec #infosec #pentesting #cve-2025-6218 #CVE-2025-8088 #WinRAR-0-day
@Hackercool_mag
7 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WinRAR users beware two critical vulnerabilities CVE-2025-6218 and CVE-2025-8088 allow attackers to write files outside intended extraction directories leading to persistent infections and remote code execution in enterprise environments. CVE-2025-6218 is a traditional
@Tudorel92659164
26 Aug 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two high-severity vulnerabilities in WinRAR (CVE-2025-6218 & CVE-2025-8088) allow attackers to exploit path traversal and NTFS ADS for stealthy persistence and RCE, with active exploitation observed by threat actors like RomCom. #CyberSecurity #WinRAR https://t.co/iux0iDWr2U
@Cyber_O51NT
26 Aug 2025
240 Impressions
1 Retweet
3 Likes
1 Bookmark
1 Reply
0 Quotes
Hacker groups exploit WinRAR vulnerability in cyberattacks (CVE-2025-6218) #セキュリティ対策Lab #セキュリティ #Security https://t.co/eukgpH5mCy
@securityLab_jp
25 Aug 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5B3E0ED-B444-468E-804E-7664C75CE9EA",
            "versionEndExcluding": "7.12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]