In WinRAR CVE-2018-20250

HIGH
Absolute Path Traversal (CWE-36)
2019-02-05 cve@checkpoint.com
CVSS 3.1: 7.8
CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 26, 2026 - 11:18 (vuln.today)
Added to CISA KEV: Oct 31, 2025 - 22:07 (cisa), CISA KEV
PoC Detected: Oct 31, 2025 - 22:07 (vuln.today), public exploit code
CVE Published: Feb 05, 2019 - 20:29 (nvd), HIGH 7.8

Description (NVD)

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Analysis (AI)

WinRAR 5.61 and earlier contains a path traversal vulnerability in the ACE archive format handler (UNACEV2.dll) that allows extraction of files to arbitrary locations, enabling persistent malware installation through Startup folder placement.

Technical Context (AI)

The CWE-36 path traversal in UNACEV2.dll occurs when parsing the filename field of ACE format archives. By manipulating the filename with traversal sequences, attackers can write files to any writable location. The classic attack writes a malicious executable to the Windows Startup folder for persistence.

Affected Products (AI)

WinRAR versions prior to and including 5.61

Remediation (AI)

Update WinRAR to 5.70 or later, which removed ACE format support entirely (UNACEV2.dll deleted). The DLL cannot be patched because its source code was lost. Alternatively, manually delete UNACEV2.dll from the WinRAR installation directory.
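
To confirm the remediation on a host, the following PowerShell audit (an added example, not taken from the vendor or from this advisory) lists every remaining copy of UNACEV2.dll and the version of any WinRAR.exe beside it. It assumes WinRAR is installed under a Program Files root and that WinRAR.exe reports its release number in its file version fields; pass other locations with -Root.

```powershell
# Added example: audit a Windows host for the ACE handler named in this advisory.
# Assumption: installs live under a Program Files root; override with -Root.
param(
    [string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
)

$fixed = [version]'5.70'   # release the advisory says removed ACE support

# Drop empty or missing roots (ProgramFiles(x86) is unset on 32-bit Windows).
$roots = $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$findings = foreach ($r in $roots) {
    # Report every copy of the DLL, not only the one beside WinRAR.exe.
    Get-ChildItem -LiteralPath $r -Filter 'UNACEV2.dll' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $exe = Join-Path $_.DirectoryName 'WinRAR.exe'
            $ver = $null
            if (Test-Path -LiteralPath $exe) {
                # Assumption: file version major.minor matches the release (e.g. 5.61).
                $vi  = (Get-Item -LiteralPath $exe).VersionInfo
                $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart)
            }

            if ($null -eq $ver)      { $status = 'DLL present, no WinRAR.exe alongside: review' }
            elseif ($ver -lt $fixed) { $status = 'WinRAR below 5.70 with ACE handler: update' }
            else                     { $status = 'Leftover DLL beside updated WinRAR: delete' }

            [pscustomobject]@{
                DllPath       = $_.FullName
                WinRarVersion = $ver
                Status        = $status
                # Hash lets the finding be matched across hosts in an inventory.
                Sha256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

if ($findings) {
    $findings | Format-List
} else {
    'No UNACEV2.dll found under: ' + ($roots -join ', ')
}
```

A clean result only covers the directories scanned; a copy of the DLL elsewhere on disk needs its path added to -Root.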
