Unrated severityCISA KEVNVD Advisory· Published Jun 21, 2025· Updated Feb 26, 2026
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability
CVE-2025-6218
Description
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- www.win-rar.com/singlenewsview.htmlmitrevendor-advisory
- www.zerodayinitiative.com/advisories/ZDI-25-409/mitrex_research-advisory
News mentions
4- GhostShell Malware Uses mTLS Implant and Telegram Dead-Drop to Target Ukrainian Drone OperationsCyber Security News · Jun 24, 2026
- Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door OpenTrend Micro Research · Jun 8, 2026
- Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial AccessCyber Security News · May 22, 2026
- Exploits and vulnerabilities in Q1 2026Securelist · May 7, 2026