CVE-2025-6218

Published Jun 21, 2025

Last updated 2 months ago

CVSS high 7.8
WinRAR

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-6218 is a directory traversal remote code execution vulnerability that affects RARLAB WinRAR. It allows remote attackers to execute arbitrary code on affected installations. Exploitation of this vulnerability requires user interaction, as the target must visit a malicious page or open a malicious file. The vulnerability lies in how WinRAR handles file paths within archive files, where a specially crafted file path can cause the process to traverse to unintended directories. By leveraging this vulnerability, an attacker can execute code within the security context of the current user.

Description
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
Source
zdi-disclosures@trendmicro.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.0

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

zdi-disclosures@trendmicro.com
CWE-22

Social media

Hype score
Not currently trending

  1. WinRAR users beware two critical vulnerabilities CVE-2025-6218 and CVE-2025-8088 allow attackers to write files outside intended extraction directories leading to persistent infections and remote code execution in enterprise environments. CVE-2025-6218 is a traditional

    @Tudorel92659164

    26 Aug 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Two high-severity vulnerabilities in WinRAR (CVE-2025-6218 & CVE-2025-8088) allow attackers to exploit path traversal and NTFS ADS for stealthy persistence and RCE, with active exploitation observed by threat actors like RomCom. #CyberSecurity #WinRAR https://t.co/iux0iDWr2U

    @Cyber_O51NT

    26 Aug 2025

    240 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  3. ハッカー グループがWinRARの脆弱性をサイバー攻撃へ悪用(CVE-2025-6218) #セキュリティ対策Lab #セキュリティ #Security https://t.co/eukgpH5mCy

    @securityLab_jp

    25 Aug 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. The https://t.co/feern4lowH Threat Intelligence team reported that the Paper Werewolf group exploited a WinRAR zero-day vulnerability, CVE-2025-6218, in targeted phishing attacks against Russian entities in July 2025. #CyberSecurity #ThreatIntel https://t.co/5DeHRWk2cb

    @Cyber_O51NT

    20 Aug 2025

    149 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Dangerous zero-day remote code execution (RCE) vulnerability in WinRAR, tracked as CVE-2025-6218 with a CVSS score of 7.8, is now being sold on the dark web.@KeCIRT @CA_Kenya @kcsfa @CSAGhana @NSACyber @MichelleNgele_ https://t.co/Isa5F0Ku8q

    @Ke_Cyber

    12 Aug 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. WinRAR zero-day CVE-2025-8088 - our detections New YARA catching ADS-based path traversal in RAR archives dropping into Startup: https://t.co/cihrKr1rDi by Arnim Rupp CVE-2025-6218) detects WinRAR/Rar.exe writing into Startup. Same effect here – so it also fires. We’ll prom

    @nextronresearch

    11 Aug 2025

    12882 Impressions

    19 Retweets

    46 Likes

    17 Bookmarks

    0 Replies

    2 Quotes

  7. #VulnerabilityReport #CompressionUtility CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution https://t.co/baFJgkIFls

    @Komodosec

    30 Jul 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. WinRAR CVE-2025-6218 Detection A KQL query designed to monitor for potential exploitation of CVE-2025-6218—a directory traversal vulnerability in WinRAR—until the affected infrastructure is fully patched and secured. https://t.co/1Suu7h9YON https://t.co/KCPYjFdaqG

    @0x534c

    14 Jul 2025

    2950 Impressions

    12 Retweets

    56 Likes

    24 Bookmarks

    1 Reply

    0 Quotes

  9. WinRARにおいて新たなゼロデイ脆弱性が発見され、ダークウェブで約8万ドルで販売されている。脆弱性は既知のCVE-2025-6218とは別のもので、最新および旧バージョンのWinRARに影響を与え、リモートコード実行を

    @yousukezan

    14 Jul 2025

    3985 Impressions

    15 Retweets

    33 Likes

    8 Bookmarks

    0 Replies

    1 Quote

  10. A single archive file could compromise your system!🚨 A critical vulnerability (CVE-2025-6218) in WinRAR ≤ 7.11 allows attackers to run malicious code without admin access. Secure your systems with Cynical Technology. 📩 info@cynicaltechnology.com 🌐 https://t.co/Apwac

    @cynical_sec

    10 Jul 2025

    19 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. #Poc CVE-2025-6218 WinRAR Directory Traversal | RCE https://t.co/WYqUbQQqiK #winrar #RCE https://t.co/py9SlFgn7L

    @absholi7ly

    10 Jul 2025

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-6218: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. https://t.co/MsHLvYoVXo https://t.co/Cq1hfBYtrz

    @cyber_advising

    3 Jul 2025

    2143 Impressions

    14 Retweets

    23 Likes

    17 Bookmarks

    0 Replies

    0 Quotes

  13. If you haven’t updated WinRAR yet - do it NOW. There are some Security Fixes that you need to consider. (CVE-2025-6218 with CVSS Score 7.8 - High) https://t.co/f1gmbfbnTA #Windows #WinRAR

    @0x5h4d0w_

    2 Jul 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. ⚠️ Atualize já o WinRAR para a versão 7.12! Essa atualização corrige uma falha grave (CVE-2025-6218) que poderia permitir extração de arquivos maliciosos em pastas sensíveis, protegendo seu PC contra ataques. https://t.co/69dqEKjOfK

    @j_a_p_a_h__

    29 Jun 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨⌛️Se ha corregido una vulnerabilidad crítica en WinRAR (CVE-2025-6218) que permite la ejecución remota de malware al extraer archivos comprimidos. Se recomienda actualizar a la versión 7.12 para garantizar la seguridad de sus sistemas: https://t.co/zdcoYSs36c #WinRAR

    @henryraul

    29 Jun 2025

    168 Impressions

    10 Retweets

    19 Likes

    1 Bookmark

    0 Replies

    1 Quote

  16. GitHub - speinador/CVE-2025-6218_WinRAR - https://t.co/JKSLZ2JgBk

    @piedpiper1616

    27 Jun 2025

    1434 Impressions

    13 Retweets

    32 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  17. 📌 Critical vulnerability in WinRAR (CVE-2025-6218) allows attackers to execute arbitrary code via malicious compressed files. User interaction required. #CyberSecurity #WinRAR https://t.co/hjBDO2esPH https://t.co/99DkDUddww

    @CyberHub_blog

    26 Jun 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. The flaw tracked as CVE-2025-6218 and assigned a CVSS score of 7.8. https://t.co/eaK8XSDyGH htt

    @riskigy

    26 Jun 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. https://t.co/Lh0QiirTAO

    @blackwired32799

    26 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 解凍ソフト WinRARでリモートコード実行の可能性がある脆弱性(CVE-2025-6218) #セキュリティ対策Lab #セキュリティ #Security https://t.co/BuwEnV4pfi

    @securityLab_jp

    25 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Vulnerabilidad de alto riesgo de WinRAR RCE corregida. ¡Actualice pronto! (CVE-2025-6218). Dado que WinRAR no tiene una función de actualización automática, los usuarios deben descargar e instalar manualmente la última versión disponible. #cybersecurity https://t.co/ZWmM

    @EHCGroup

    25 Jun 2025

    17 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. WinRAR has issued a security update for version 7.12 beta 1 to fix CVE-2025-6218, a high-severity vulnerability allowing malicious archives to execute code or steal data on Windows systems. Stay safe! 🚨 #WinRAR #SecurityFix #Japan https://t.co/5Ah5CV3xVa

    @TweetThreatNews

    25 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. WinRAR patches critical security flaw CVE-2025-6218 allowing malware execution. Learn more at: https://t.co/fKeY5zz0Ey #Cybersecurity #InfoSec #MalwarePrevention

    @threatlight

    25 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. WinRAR Flaw (CVE-2025-6218): Remote Code Execution via Directory Traversal, Patch Available! https://t.co/W6tx8jpXtZ

    @the_yellow_fall

    25 Jun 2025

    493 Impressions

    6 Retweets

    9 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  25. یک آسیب پذیری از نوع Directory Traversal و با شناسه ی CVE-2025-6218 و امتیاز 7.8 در WinRAR گزارش و اصلاح شده، که امکان RCE رو به مهاجم میده. آسیب پذیری در مدیریت مسیر فایل در داخل

    @LastStandNews24

    25 Jun 2025

    432 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  26. ⚠️Vulnerabilidad en software WinRAR ❗CVE-2025-6218 ➡️Más info: https://t.co/gg4db6v9fo https://t.co/A28rY1C7fl

    @CERTpy

    24 Jun 2025

    244 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218): https://t.co/xBmPD9cV4g

    @CyberBitess

    24 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. High-risk WinRAR RCE vulnerability patched, update now CVE-2025-6218 is a critical directory traversal vulnerability in WinRAR, discovered by "whs3-detonator" via Trend Micro’s Zero Day Initiative. It affects WinRAR v7.11 and earlier on Windows, allowing attackers to execute h

    @dCypherIO

    24 Jun 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. High-risk #WinRAR RCE #vulnerability patched, update quickly! (#CVE-2025-6218) https://t.co/3IMCzfGphU

    @ScyScan

    24 Jun 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 Alerta WinRAR! Milhões em risco com nova falha RCE (CVE-2025-6218). Atualize para a versão 7.12 Beta 1 ou mais recente AGORA! 🛡️ Não baixe arquivos de fontes desconhecidas. #Cybersecurity #WinRAR #Vulnerability https://t.co/1q8eTe8MvH

    @fernandokarl

    24 Jun 2025

    18 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  31. A flaw (CVE-2025-6218, CVSS 7.8) in WinRAR allows remote code execution via directory traversal when opening crafted archives. Update to 7.12 Beta 1 immediately! #WinRAR #RCE #Cybersecurity #Vulnerability #PatchNow https://t.co/0FarkOBjjP

    @the_yellow_fall

    24 Jun 2025

    697 Impressions

    4 Retweets

    13 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.