CVE-2025-6218
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability
In short
WinRAR has a flaw that lets attackers execute harmful code when you open a specially crafted archive file. The vulnerability happens because WinRAR doesn't properly validate file paths inside archives, allowing attackers to place files in unintended locations on your computer.
Technical detail
A directory traversal vulnerability in WinRAR's archive file handling allows remote code execution through a crafted file path that escapes intended directories. The attack requires user interaction to open a malicious archive; upon extraction, the attacker can write executable content to arbitrary locations with the privileges of the current user.
Summary generated and translated by AI from the official description.
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
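As a defender-side illustration of the path handling described above, the following added example (not RARLAB's code and not from the advisory) checks archive entry names against an extraction directory using Windows path rules before anything is written. The destination path, entry names and function names are constructed for illustration.

```python
import ntpath  # Windows path semantics, importable on any OS

def unsafe_reason(dest_root, member):
    """Return why extracting `member` under `dest_root` would land
    outside it, or None when the entry stays inside."""
    name = member.replace("/", "\\")      # Windows accepts both separators
    drive, rest = ntpath.splitdrive(name)
    if drive:                             # "C:..." or "\\host\share\..."
        return "drive or UNC qualified"
    if rest.startswith("\\"):             # rooted on the current drive
        return "rooted path"
    root = ntpath.normcase(ntpath.normpath(dest_root))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(root, rest)))
    # Compare whole path components, not string prefixes, so a sibling
    # directory such as "out-old" is not mistaken for "out".
    if ntpath.commonpath([root, target]) != root:
        return "escapes destination"
    return None

def audit(dest_root, members):
    """List (entry, reason) for every entry that must not be extracted."""
    return [(m, r) for m in members if (r := unsafe_reason(dest_root, m))]

# Constructed sample data (assumed absolute destination directory).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    r"docs\readme.txt",          # plain relative entry
    "docs/sub/../notes.txt",     # ".." that still resolves inside DEST
    r"..\..\outside.txt",        # climbs above DEST
    r"..\out-old\a.txt",         # sibling sharing a string prefix with DEST
    r"C:\Temp\x.txt",            # drive-qualified
    r"\\host\share\x.txt",       # UNC
    r"\Temp\x.txt",              # rooted
]

if __name__ == "__main__":
    for entry, reason in audit(DEST, SAMPLE_ENTRIES):
        print(f"BLOCK {entry!r}: {reason}")
```

An extractor or mail-gateway filter would run a check like this over every entry name and refuse the whole archive if any entry is flagged.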
Affected products
RARLAB · WinRAR
Public PoCs found — 6
github.com/skimask1690/CVE-2025-6218-POC ★ 31
github.com/absholi7ly/CVE-2025-6218-WinRAR-Directory-Traversal-RCE ★ 18
github.com/speinador/CVE-2025-6218_WinRAR ★ 17
github.com/ignis-sec/CVE-2025-6218 ★ 13
github.com/mulwareX/CVE-2025-6218-POC ★ 11
github.com/Chrxstxqn/CVE-2025-6218-WinRAR-RCE-POC ★ 2
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://foresiet.com/blog/apt-c-08-winrar-directory-traversal-exploit/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6218
https://www.secpod.com/blog/archive-terror-dissecting-the-winrar-cve-2025-6218-exploit-apt-c-08s-stealth-move/
https://www.win-rar.com/singlenewsview.html?&tx_ttnews%5Btt_news%5D=276&cHash=388885bd3908a40726f535c026f94eb6
https://www.zerodayinitiative.com/advisories/ZDI-25-409/