CVE-2025-6218
Description
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
Threat Intelligence
- Added
- Dec 9, 2025
- Due
- Dec 30, 2025
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weaknesses 1
Affected Products 2
References 5
- foresiet.com https://foresiet.com/blog/apt-c-08-winrar-directory-traversal-exploit/
- cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6218
- secpod.com https://www.secpod.com/blog/archive-terror-dissecting-the-winrar-cve-2025-6218-exploit-apt-c-08s-stealth-move/
- win-rar.com https://www.win-rar.com/singlenewsview.html?&tx_ttnews%5Btt_news%5D=276&cHash=388885bd3908a40726f535c026f94eb6
- zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-25-409/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.