AI description
CVE-2025-6218 is a directory traversal remote code execution vulnerability that affects RARLAB WinRAR. It allows remote attackers to execute arbitrary code on affected installations. Exploitation of this vulnerability requires user interaction, as the target must visit a malicious page or open a malicious file. The vulnerability lies in how WinRAR handles file paths within archive files, where a specially crafted file path can cause the process to traverse to unintended directories. By leveraging this vulnerability, an attacker can execute code within the security context of the current user.
- Description
- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Analyzed
- Products
- winrar
CVSS 3.0
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- RARLAB WinRAR Path Traversal Vulnerability
- Exploit added on
- Dec 9, 2025
- Exploit action due
- Dec 30, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- zdi-disclosures@trendmicro.com
- CWE-22
- Hype score
- Not currently trending
'sample_credential zip' is a RAR archive, seen from Slovakia, Switzerland, Germany and the UK @abuse_ch https://t.co/eP1rYySPA1 CVE-2025-6218 and 8088 exploit. URL: hxxps://raw.githubusercontent(.)com/stealabrainrotscripts-tech/DiscordBot/refs/heads/main/DiscordBot.txt https:
@smica83
26 Jan 2026
1725 Impressions
4 Retweets
8 Likes
1 Bookmark
0 Replies
1 Quote
'1_18_1_1052_21.01.2026.rar' as a daily #Gamaredon seen from Ukraine @abuse_ch https://t.co/7Io7CFQ3M1 CVE-2025-6218 and 8088 exploit. @500mk500 https://t.co/Hkb1EGjcOQ
@smica83
21 Jan 2026
434 Impressions
1 Retweet
5 Likes
0 Bookmarks
0 Replies
0 Quotes
'Coinbase Vmed Lines ( Data ) zip' @abuse_ch https://t.co/tq3b9h7nDL CVE-2025-6218 and 8088 exploit. https://t.co/O4p8tJQbRP
@smica83
17 Jan 2026
435 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
Daily #Gamaredon seen from Ukraine. '1_11_5_1761_14.01.2026.rar' @abuse_ch https://t.co/SenYccRRd1 Usual CVE-2025-6218 and 8088 exploit. @500mk500 https://t.co/br5R0InJCh
@smica83
14 Jan 2026
422 Impressions
1 Retweet
9 Likes
1 Bookmark
0 Replies
0 Quotes
'P_260112_1.rar' CVE-2025-6218 and 8088 exploit seen from Russia @abuse_ch https://t.co/jN7Rxoc7OR https://t.co/jULHMHDj6H
@smica83
13 Jan 2026
1219 Impressions
3 Retweets
8 Likes
3 Bookmarks
0 Replies
0 Quotes
'calling.rar' CVE-2025-6218 and 8088 exploit seen from Sweden @abuse_ch https://t.co/i0OEyBk2nf https://t.co/9NNwFlb6wb
@smica83
13 Jan 2026
257 Impressions
0 Retweets
2 Likes
3 Bookmarks
0 Replies
0 Quotes
'Ledger 2026 Global-e zip' as a RAR file, CVE-2025-6218 and 8088 exploit. Seen from Slovenia. @abuse_ch https://t.co/fRSw9J6D0C Maybe it's a campaign to take advantage of the Ledger Global-e data leak incident. @skocherhan https://t.co/M05ngaRQeE
@smica83
13 Jan 2026
1050 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
1 Quote
#threatreport #LowCompleteness Defending Against Gamaredon: Practical Controls That Actually Work | 08-01-2026 Source: https://t.co/baIPrIFxnC Key details below ↓ 🧑💻Actors/Campaigns: Gamaredon 💀Threats: Spear-phishing_technique, Gamaload, 🔓CVEs: CVE-2025-6218
@rst_cloud
9 Jan 2026
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
'solty_futerIL_doxxed_by_Lux.rar' a CVE-2025-6218 and 8088 exploit, seen from Israel @abuse_ch https://t.co/lnfYoY7YsK Source from: https://t.co/uth77MIkuX
@smica83
8 Jan 2026
610 Impressions
3 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
16 new OPEN, 16 new PRO (16 + 0) GhostFrame, Lumma Stealer, several CVEs (CVE-2024-45242, CVE-2024-53939, CVE-2024-53940, CVE-2024-53944, CVE-2024-53942, CVE-2025-43989 and CVE-2025-6218) and more. Thanks @malware_traffic https://t.co/XeGOQ3ewuz
@ET_Labs
6 Jan 2026
174 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
'salary_statistics.rar' seen from Viet Nam @abuse_ch https://t.co/HyELNalfFL CVE-2025-6218 and 8088 exploit. https://t.co/KwkEWU1qZf
@smica83
6 Jan 2026
1510 Impressions
8 Retweets
25 Likes
6 Bookmarks
0 Replies
0 Quotes
'data zip' CVE-2025-6218 and CVE-2025-8088 exploit seen from Bulgaria @abuse_ch https://t.co/fF82GcFdN5 https://t.co/xl64oBbQme
@smica83
4 Jan 2026
330 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Path Traversal Vulnerability in WinRAR (CVE-2025-6218) Exploit🚨 WinRAR ≤ 7.11 allows attackers to execute code via malicious RAR files. Update to v7.12 ASAP to stay secure! 🔗 Learn more: https://t.co/fJZGsyvw8R #CVE2025 #WinRAR #CyberSecurity #SecurityUpdate #PatchN
@KillerFungi2022
27 Dec 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT #Gamaredon Christmas update from Ukraine, with CVE-2025-6218 and 8088 exploits. Samples @abuse_ch '1_11_2_1984_25.12.2025.rar' https://t.co/9jkk4bYoHZ '4_18_2_1955_25.12.2025.rar' https://t.co/zFyQjgXUG2 @500mk500 https://t.co/tcLjKJNTLX
@smica83
25 Dec 2025
645 Impressions
0 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
APT #Gamaredon daily update from Ukraine, with CVE-2025-6218 and 8088 exploits. Samples @abuse_ch '4_15_1_1675_22.12.2025.rar' https://t.co/7nY8JtrzZs '5_18_5_1980_22.12.2025.rar' https://t.co/D9ECj0ZORP @500mk500 @skocherhan https://t.co/yq3jV7RePL
@smica83
22 Dec 2025
570 Impressions
2 Retweets
6 Likes
3 Bookmarks
0 Replies
0 Quotes
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups The U.S. Cybersecurity and Infras Stay informed. Hit the follow button! @thehackersnews @edgeitech
@Edgeitech
19 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT #Gamaredon started operations again in Ukraine, with CVE-2025-6218 and 8088 exploits. Samples @abuse_ch '4_11_7_1113_19.12.2025.rar' https://t.co/SrURRp7wQG '1_11_9_1391_19.12.2025.rar' https://t.co/Nt8ZHYMNED @500mk500 @skocherhan https://t.co/KoAc0lPxXf
@smica83
19 Dec 2025
943 Impressions
7 Retweets
12 Likes
2 Bookmarks
0 Replies
0 Quotes
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups https://t.co/6Wiy8PhEo0 via @TheHackersNews
@JackyChun96
18 Dec 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
If you use WinRAR on Windows, stop what you are doing right now. There is an extremely serious security vulnerability (tracked as CVE-2025-6218) 🛡️ The fix (do this now): 1️⃣ Open the prog
@RYMufWU8AAKxgoh
18 Dec 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'heyfes.rar' seen from Finland @abuse_ch https://t.co/Ry07qpSh98 CVE-2025-6218 and 8088 exploit https://t.co/vsMJXNo1dS
@smica83
17 Dec 2025
305 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'4_5886570468093206183 (1).rar' is a CVE-2025-6218 and 8088 exploit. Seen from Germany @abuse_ch https://t.co/GGfz1wIg1K @skocherhan @500mk500 https://t.co/1VZdSWFOyg
@smica83
16 Dec 2025
1134 Impressions
3 Retweets
11 Likes
2 Bookmarks
0 Replies
1 Quote
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups WinRAR Vulnerability CVE-2025-6218: U.S. CISA warns of active exploitation, citing evidence of path traversal bug. CVSS score: 7.8. WinRAR users, take immediate action to patch and secure h
@HackonomicNews
13 Dec 2025
37 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨 Urgent warning! A critical WinRAR vulnerability (CVE-2025-6218) is actively being exploited by multiple threat groups. Update your software NOW to stay safe! #WinRAR #CyberAttack https://t.co/dVB2aqkNrw
@xcybersecnews
12 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns WinRAR CVE-2025-6218 is under active attack by multiple threat groups, requiring federal by Dec. 30, 2025.
@1cebi
12 Dec 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA WinRAR CVE-2025-6218 is under active attack by multiple threat groups, requiring federal fixes by Dec. 30, 2025.
@JackilynMegham
12 Dec 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ WinRAR's CVE-2025-6218 vulnerability is still lurking around despite a patch! Don't let your files take a detour into danger—update now! #WinRAR #CVE2025 #CyberSecurity https://t.co/3EquR4Vn7j
@windowsforum
11 Dec 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft's December finale patches 56 bugs across Windows—3 Critical, including Office preview pane RCEs (CVE-2025-62554/57). One zero-day (WinRAR path traversal CVE-2025-6218) already in the wild per CISA. Update stat! https://t.co/3rlacTmYyg #MicrosoftPatch #ZeroDay
@ImperialTechSvc
11 Dec 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CISA Flags WinRAR Path Traversal (CVE-2025-6218) CVE-2025-6218 is a WinRAR path traversal vulnerabi
@0x534c
11 Dec 2025
2149 Impressions
6 Retweets
39 Likes
17 Bookmarks
1 Reply
0 Quotes
WinRAR vulnerability CVE-2025-6218 is being exploited by multiple groups https://t.co/QVjkF0vrS8 #Security #セキュリティー #ニュース
@SecureShield_
11 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups https://t.co/UMDZURGQZC via @TheHackersNews
@DaisiCarol88
10 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ITSecurity CVE-2025-6218 RARLAB WinRAR Path Traversal Vulnerability https://t.co/WHHLbNgIcf
@seaarepea
10 Dec 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds critical WinRAR flaw to the KEV catalog: The vulnerability CVE-2025-6218 allows remote code execution via path traversal and is being exploited in phishing campaigns by groups such as GOFFEE, Bitter and Gamaredon, mainly affecting Windows. https://t
@caveiratech
10 Dec 2025
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups https://t.co/icrHlNgKgg
@buzz_sec
10 Dec 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-6218: RARLAB WinRAR Path Traversal Vulnerability has been added to the CISA KEV Catalog CVSS: 7.8 https://t.co/9idGUAIgzL
@DarkWebInformer
10 Dec 2025
4014 Impressions
3 Retweets
22 Likes
7 Bookmarks
1 Reply
0 Quotes
🛡️ We added RARLAB WinRAR path traversal vulnerability CVE-2025-6218 & Microsoft Windows use after free vulnerability CVE-2025-62221 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattack
@CISACyber
9 Dec 2025
5152 Impressions
27 Retweets
39 Likes
10 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness QuasarRAT Malware Campaign using CVE-2025-6218 | 02-12-2025 Source: https://t.co/rj9MBD5fui Key details below ↓ 💀Threats: Quasar_rat, Steganography_technique, Tinba, Kuaibu8, 🎯Victims: Coinme users 🏭Industry: Financial 🔓CVEs: ht
@rst_cloud
9 Dec 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'salary_staistics.rar' seen from Viet Nam @abuse_ch CVE-2025-6218 and CVE-2025-8088 exploit https://t.co/UHxOvLKO68 @skocherhan https://t.co/NEldvm0hEu
@smica83
7 Dec 2025
5199 Impressions
5 Retweets
36 Likes
14 Bookmarks
0 Replies
1 Quote
Gamaredon #IOCs Update (CVE-2025-6218) https://t.co/2Al0Hb0y1R https://t.co/kpxbQ7prUg
@blackorbird
3 Dec 2025
3380 Impressions
7 Retweets
31 Likes
13 Bookmarks
1 Reply
0 Quotes
Another #Gamaredon sample, seen from Ukraine. '1_11_2_1759_22.11.2025.rar' @abuse_ch CVE-2025-6218 and 8088 exploit. https://t.co/w4RthoDay9 @500mk500 https://t.co/MynufrbeC6
@smica83
25 Nov 2025
604 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
'7_7_1_1454_22.11.2025.rar' seen from Ukraine @abuse_ch CVE-2025-6218 and 8088 exploit. #Gamaredon https://t.co/KvKR5lcjYW @500mk500 @skocherhan https://t.co/bxEK7GFhMb
@smica83
24 Nov 2025
1100 Impressions
2 Retweets
16 Likes
2 Bookmarks
0 Replies
0 Quotes
'7_7_1_1454_22.11.2025.rar' seen from Ukraine @abuse_ch CVE-2025-6218 and 8088 exploit. https://t.co/KvKR5lcjYW @500mk500 @skocherhan https://t.co/mshvPAPX5W
@smica83
24 Nov 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This is a current #Gamaredon sample as CVE-2025-6218, 8088 from Ukraine @abuse_ch https://t.co/6aYiY4sspu @500mk500 @skocherhan https://t.co/GwfOFFI9Vb
@smica83
23 Nov 2025
600 Impressions
1 Retweet
7 Likes
2 Bookmarks
0 Replies
0 Quotes
'333.rar' seen from Russia and Tajikistan, as a CVE-2025-6218 and 8088 exploit @abuse_ch https://t.co/nCUbrtx2aU @500mk500 @skocherhan https://t.co/jRhcCYQXxO
@smica83
23 Nov 2025
1619 Impressions
1 Retweet
8 Likes
1 Bookmark
0 Replies
1 Quote
Top 5 Trending CVEs: 1 - CVE-2025-50165 2 - CVE-2025-6218 3 - CVE-2025-27591 4 - CVE-2025-4427 5 - CVE-2025-31161 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 Nov 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Daily #Gamaredon '8_3_7_1304_21.11.2025.rar' @abuse_ch https://t.co/mYkwyfvTbD CVE-2025-6218 and 8088 exploit https://t.co/RN4YkhaQme
@smica83
21 Nov 2025
1124 Impressions
4 Retweets
13 Likes
4 Bookmarks
1 Reply
0 Quotes
Another CVE-2025-6218 and 8088 exploit seen from Peru @abuse_ch https://t.co/FWWSXQdEzC https://t.co/qt3kyRmUdY
@smica83
21 Nov 2025
1133 Impressions
0 Retweets
19 Likes
8 Bookmarks
2 Replies
0 Quotes
CVE-2025-6218 and 8088 exploit from Russia @abuse_ch https://t.co/6V74DANGgV https://t.co/FBsNtrKdCM
@smica83
20 Nov 2025
40166 Impressions
28 Retweets
317 Likes
233 Bookmarks
2 Replies
1 Quote
RAR file with CVE-2025-6218 and 8088 exploit seen from Ukraine, with Slovakian government lure @abuse_ch https://t.co/4or1kSpait @skocherhan @500mk500 https://t.co/bagYpE14Vi
@smica83
18 Nov 2025
598 Impressions
2 Retweets
7 Likes
0 Bookmarks
0 Replies
1 Quote
'6_3_4_4265_17.11.2025.rar' is #Gamaredon, seen from Ukraine @abuse_ch https://t.co/5tDYyYeifU CVE-2025-6218 and 8088 @500mk500 https://t.co/AVKBAmWcbI
@smica83
18 Nov 2025
444 Impressions
2 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
'exploit.rar' seen from Russia @abuse_ch https://t.co/hlytx5AP9y CVE-2025-6218 and 8088 https://t.co/cLY3e22bgF
@smica83
16 Nov 2025
326 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5B3E0ED-B444-468E-804E-7664C75CE9EA",
            "versionEndExcluding": "7.12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]