WinRAR actively exploited path traversal code execution flaw (CVE-2025-6218)
Vulnerability
Summary
CVE-2025-6218 in WinRAR was added to CISA’s KEV catalog after evidence of active exploitation, increasing the risk of code execution on Windows-based builds. The flaw is a path traversal vulnerability that can let an attacker run code in the current user’s context. RARLAB had already patched the issue in WinRAR 7.12, and FCEB agencies must remediate by December 30, 2025.
Related Happenings
WinRAR path-traversal exploitation wave (CVE-2025-8088)
Exploitation Wave
First: 27.01.2026 21:38
Last: 27.01.2026 21:38
Sources 1
About this happening:
**CVE-2025-8088** in **WinRAR** remains part of an **ongoing exploitation wave**, with **multiple threat groups** using the flaw for **initial access** and payload delivery. The a...
WinRAR path traversal via Alternate Data Streams (CVE-2025-8088)
Vulnerability
First: 27.01.2026 21:38
Last: 27.01.2026 21:38
Sources 1
About this happening:
The **CVE-2025-8088** **WinRAR** path traversal flaw is being **actively exploited**, enabling arbitrary file writes and malicious payload placement for persistence. Attackers abu...
Gootloader adopts malformed ZIP archives for stealthier delivery
Malware Activity
First: 16.01.2026 00:54
Last: 16.01.2026 00:54
Sources 1
About this happening:
The **Gootloader** loader has adopted **malformed ZIP archives** that concatenate up to **1,000 archives**, making delivery stealthier and frustrating analysis tools. The payload...
CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008
Public Sector Action
First: 03.10.2025 11:23
Last: 03.10.2025 11:23
Sources 1
About this happening:
CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...
Timeline
10.12.2025 13:54 2 articles · 5mo ago
CISA adds WinRAR CVE-2025-6218 to KEV catalog
Initial Disclosure
CISA added CVE-2025-6218 in WinRAR to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The path traversal flaw affects Windows-based builds, can enable code execution in the current user context, was previously patched by RARLAB in WinRAR 7.12 in June 2025, and triggers a remediation deadline for Federal Civilian Executive Branch agencies by December 30, 2025.
Sources:
- Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups — thehackernews.com — 10.12.2025 13:54