Vulnerability cyber

RARLAB

Jun 24, 2025 1 min read
RARLAB

A severe security vulnerability (CVE-2025-6218) in WinRAR allows attackers to execute arbitrary code via specially crafted archive files. This vulnerability, with a CVSS score of 7.8, affects the handling of directory paths within archive files, leading to remote code execution when users interact with malicious files. Exploitation requires user action, such as downloading or opening a malicious archive or visiting a compromised webpage. The flaw enables attackers to write files to unintended directories, potentially leading to complete system compromise. RARLAB has released a security update to address this issue, and users are advised to upgrade to the latest version promptly.

Source: https://cybersecuritynews.com/winrar-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/win.rar-gmbh

"id": "win901062425",
"linkid": "win.rar-gmbh",
"type": "Vulnerability",
"date": "6/2025",
"severity": "50",
"impact": "",
"explanation": "Attack without any consequences: Attack in which ordinary material is compromised, but no information had been stolen"
{'affected_entities': [{'industry': 'Software',
                        'name': 'RARLAB',
                        'type': 'Software Company'}],
 'attack_vector': ['malicious archive files', 'compromised webpages'],
 'date_resolved': '2025-06-19',
 'description': 'A high-severity flaw (CVE-2025-6218) in WinRAR allows '
                'attackers to execute arbitrary code by exploiting how the '
                'software handles file paths within archives. The '
                'vulnerability enables attackers to use specially crafted '
                'archive files with directory traversal sequences, leading to '
                'remote code execution. Exploitation depends on user action, '
                'such as downloading or opening a malicious archive or '
                'visiting a compromised webpage. RARLAB has released a '
                'security update; users should promptly upgrade WinRAR to the '
                'latest version to protect their systems.',
 'lessons_learned': 'Promptly update software to the latest versions to '
                    'mitigate known vulnerabilities.',
 'post_incident_analysis': {'corrective_actions': 'Update to WinRAR 7.11',
                            'root_causes': "Vulnerability in WinRAR's file "
                                           'path handling routines.'},
 'recommendations': 'Users should update to WinRAR 7.11 to protect their '
                    'systems from exploitation.',
 'response': {'remediation_measures': 'Update to WinRAR 7.11'},
 'title': 'WinRAR Remote Code Execution Vulnerability (CVE-2025-6218)',
 'type': 'Remote Code Execution (RCE)',
 'vulnerability_exploited': 'CVE-2025-6218'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.