Directory Traversal Remote Code Execution Weakness in RARLAB WinRAR
CVE-2025-6218
What is CVE-2025-6218?
CVE-2025-6218 is a security vulnerability in RARLAB WinRAR, a widely used file compression and extraction tool for managing archives. The vulnerability arises from improper handling of file paths, which allows remote attackers to conduct directory traversal attacks. By exploiting this flaw, an attacker can potentially execute arbitrary code on the affected system. User interaction is required: the victim must either visit a malicious webpage or open a specially crafted file.
The issue primarily stems from the way WinRAR processes directory paths in archive files: a path stored in an archive can reach outside the intended directory structure, which can lead to code execution. This weakness is particularly serious because it lets attackers run malicious scripts and compromise the system with the privileges of the currently logged-in user.
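A pre-extraction check for the path handling problem described above, as an added example (not WinRAR's code or its fix): it inspects entry names from an archive listing under Windows path rules and flags any that would resolve outside the extraction directory. The function names and the sample listing are constructed for illustration.

```python
from pathlib import PureWindowsPath


def traversal_reason(entry_name):
    """Return why an archive entry name escapes the extraction directory, or None."""
    # Archives may store either separator; Windows treats both as separators.
    path = PureWindowsPath(entry_name.replace("/", "\\"))
    if path.drive or path.root:
        # Covers C:\x, drive-relative C:x, rooted \x and UNC \\host\share\x.
        return "absolute, drive-qualified or UNC path"
    depth = 0  # directory levels below the extraction root
    for part in path.parts:
        # Conservative: tolerate whitespace padding around dot components.
        if part.strip() == "..":
            depth -= 1
            if depth < 0:
                return "climbs above the extraction directory"
        elif part.strip() != ".":
            depth += 1
    return None


def audit_listing(entry_names):
    """Map each unsafe entry name to the reason it was rejected."""
    findings = {}
    for name in entry_names:
        reason = traversal_reason(name)
        if reason:
            findings[name] = reason
    return findings


# Constructed sample listing, not taken from a real archive.
SAMPLE_LISTING = [
    "docs\\readme.txt",        # plain relative path
    "docs/../notes.txt",       # ".." that stays inside the root
    "images/./logo.png",       # "." component is harmless
    "..\\..\\x.txt",           # climbs out immediately
    "a/b/../../../x.txt",      # climbs out after descending
    "C:\\Temp\\x.txt",         # drive-qualified absolute path
    "\\\\host\\share\\x.txt",  # UNC path
]

if __name__ == "__main__":
    for name, reason in audit_listing(SAMPLE_LISTING).items():
        print(f"REJECT {name!r}: {reason}")
```

Entries such as `docs/../notes.txt` pass because the check tracks depth relative to the extraction root rather than rejecting every `..` component.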
Potential impact of CVE-2025-6218
- Remote Code Execution: The most critical impact of this vulnerability is its potential to allow an attacker to execute arbitrary code remotely. This capability can lead to significant control over the affected system, including the installation of malware or the exfiltration of sensitive data.
- User Interaction Requirement: Although the exploit requires user interaction, it still poses a threat, as users may not be aware of the risks associated with opening unknown files or visiting suspicious links. This reliance on user behavior can make organizations vulnerable to social engineering attacks.
- Broad System Compromise: Given WinRAR's widespread use in various environments, a successful exploit could lead to widespread system and network breaches within an organization. If compromised, an attacker could propagate malware throughout a company's infrastructure, leading to potential data loss, operational downtime, and financial repercussions.
Affected Version(s)
WinRAR 7.11 (64-bit)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running
2 weeks ago

Warning! WinRAR: Critical Vulnerability That Could Run Malware
Discover WinRAR vulnerability that allows malware execution via archive extraction. Update to version 7.12 beta 1 now!
3 weeks ago
WinRAR patches bug letting malware launch from extracted archives
WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive.
3 weeks ago
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by GBHackers News
- Vulnerability published