Find notable cyber news and cases, enriched with sources, timelines, and signals.

WinRAR actively exploited path traversal code execution flaw (CVE-2025-6218)

Vulnerability
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2025-6218 in WinRAR was added to CISA’s KEV catalog after evidence of active exploitation, increasing the risk of code execution on Windows-based builds. The flaw is a path traversal vulnerability that can let an attacker run code in the current user’s context. RARLAB had already patched the issue in WinRAR 7.12, and FCEB agencies must remediate by December 30, 2025.

Related Happenings

GhostTree and GhostBranch NTFS junction loops that evade recursive folder scanning

Technical Analysis
H score23 First: 16.06.2026 17:17 Last: 16.06.2026 17:17 Sources 1

About this happening: **GhostTree** and **GhostBranch** use recursive **NTFS junction** loops to generate effectively unlimited paths, allowing files in the same folder to evade **EDR** and **Windows D...

WinRAR path-traversal exploitation wave (CVE-2025-8088)

Exploitation Wave
H score20 First: 27.01.2026 21:38 Last: 27.01.2026 21:38 Sources 1

About this happening: **CVE-2025-8088** in **WinRAR** remains an **ongoing exploitation wave**. **Trend Micro** says **Russia-aligned groups** **Earth Dahu (Gamaredon)** and **SHADOW-EARTH-066 (UAC-022...

WinRAR path traversal via Alternate Data Streams (CVE-2025-8088)

Vulnerability
H score21 First: 27.01.2026 21:38 Last: 27.01.2026 21:38 Sources 1

About this happening: The **CVE-2025-8088** **WinRAR** path traversal flaw is being **actively exploited** through **Alternate Data Streams (ADS)** to write malicious files outside the extraction direc...

Gootloader adopts malformed ZIP archives for stealthier delivery

Malware Activity
H score16 First: 16.01.2026 00:54 Last: 16.01.2026 00:54 Sources 1

About this happening: The **Gootloader** loader has adopted **malformed ZIP archives** that concatenate up to **1,000 archives**, making delivery stealthier and frustrating analysis tools. The payload...

CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008

Public Sector Action
H score36 First: 03.10.2025 11:23 Last: 03.10.2025 11:23 Sources 1

About this happening: CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...

Timeline

  1. 10.12.2025 13:54 2 articles · 7mo ago

    CISA adds WinRAR CVE-2025-6218 to KEV catalog

    Initial Disclosure

    CISA added CVE-2025-6218 in WinRAR to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The path traversal flaw affects Windows-based builds, can enable code execution in the current user context, was previously patched by RARLAB in WinRAR 7.12 in June 2025, and triggers a remediation deadline for Federal Civilian Executive Branch agencies by December 30, 2025.

    Show sources