Unrated severityCISA KEVNVD Advisory· Published Feb 5, 2019· Updated Oct 21, 2025

CVE-2018-20250

Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Affected products

Check Point Software Technologies Ltd./WinRARv5
Range: All versions prior and including 5.61

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46552/mitreexploitx_refsource_EXPLOIT-DB
www.exploit-db.com/exploits/46756/mitreexploitx_refsource_EXPLOIT-DB
packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.htmlmitrex_refsource_MISC
www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_acemitrex_refsource_MISC
www.securityfocus.com/bid/106948mitrevdb-entryx_refsource_BID
research.checkpoint.com/extracting-code-execution-from-winrar/mitrex_refsource_MISC
www.win-rar.com/whatsnew.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060