WinRAR actively exploited path traversal code execution flaw (CVE-2025-6218)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-6218 in WinRAR was added to CISA’s KEV catalog after evidence of active exploitation, increasing the risk of code execution on Windows-based builds. The flaw is a path traversal vulnerability that can let an attacker run code in the current user’s context. RARLAB had already patched the issue in WinRAR 7.12, and FCEB agencies must remediate by December 30, 2025.
Related Happenings
GhostTree and GhostBranch NTFS junction loops that evade recursive folder scanning
Technical Analysis
H score23
First: 16.06.2026 17:17
Last: 16.06.2026 17:17
Sources 1
About this happening:
**GhostTree** and **GhostBranch** use recursive **NTFS junction** loops to generate effectively unlimited paths, allowing files in the same folder to evade **EDR** and **Windows D...
GhostTree and GhostBranch NTFS junction loops that evade recursive folder scanning
Technical AnalysisAbout this happening: **GhostTree** and **GhostBranch** use recursive **NTFS junction** loops to generate effectively unlimited paths, allowing files in the same folder to evade **EDR** and **Windows D...
WinRAR path-traversal exploitation wave (CVE-2025-8088)
Exploitation Wave
H score20
First: 27.01.2026 21:38
Last: 27.01.2026 21:38
Sources 1
About this happening:
**CVE-2025-8088** in **WinRAR** remains an **ongoing exploitation wave**. **Trend Micro** says **Russia-aligned groups** **Earth Dahu (Gamaredon)** and **SHADOW-EARTH-066 (UAC-022...
WinRAR path-traversal exploitation wave (CVE-2025-8088)
Exploitation WaveAbout this happening: **CVE-2025-8088** in **WinRAR** remains an **ongoing exploitation wave**. **Trend Micro** says **Russia-aligned groups** **Earth Dahu (Gamaredon)** and **SHADOW-EARTH-066 (UAC-022...
WinRAR path traversal via Alternate Data Streams (CVE-2025-8088)
Vulnerability
H score21
First: 27.01.2026 21:38
Last: 27.01.2026 21:38
Sources 1
About this happening:
The **CVE-2025-8088** **WinRAR** path traversal flaw is being **actively exploited** through **Alternate Data Streams (ADS)** to write malicious files outside the extraction direc...
WinRAR path traversal via Alternate Data Streams (CVE-2025-8088)
VulnerabilityAbout this happening: The **CVE-2025-8088** **WinRAR** path traversal flaw is being **actively exploited** through **Alternate Data Streams (ADS)** to write malicious files outside the extraction direc...
Gootloader adopts malformed ZIP archives for stealthier delivery
Malware Activity
H score16
First: 16.01.2026 00:54
Last: 16.01.2026 00:54
Sources 1
About this happening:
The **Gootloader** loader has adopted **malformed ZIP archives** that concatenate up to **1,000 archives**, making delivery stealthier and frustrating analysis tools. The payload...
Gootloader adopts malformed ZIP archives for stealthier delivery
Malware ActivityAbout this happening: The **Gootloader** loader has adopted **malformed ZIP archives** that concatenate up to **1,000 archives**, making delivery stealthier and frustrating analysis tools. The payload...
CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008
Public Sector Action
H score36
First: 03.10.2025 11:23
Last: 03.10.2025 11:23
Sources 1
About this happening:
CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...
CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008
Public Sector ActionAbout this happening: CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...
Timeline
-
10.12.2025 13:54 2 articles · 7mo ago
CISA adds WinRAR CVE-2025-6218 to KEV catalog
Initial DisclosureCISA added CVE-2025-6218 in WinRAR to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The path traversal flaw affects Windows-based builds, can enable code execution in the current user context, was previously patched by RARLAB in WinRAR 7.12 in June 2025, and triggers a remediation deadline for Federal Civilian Executive Branch agencies by December 30, 2025.
Show sources
- Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups — thehackernews.com — 10.12.2025 13:54
- Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups — thehackernews.com — 10.12.2025 13:54