What is the CVSS score of CVE-2025-6218?

CVE-2025-6218 has a CVSS 3.0 base score of 7.8 (High). CVSS vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 4.7%.

Which versions of Winrar are affected by CVE-2025-6218?

WinRAR, a widely-used file compression tool, contains a critical vulnerability (CVE-2025-6218) that allows attackers to execute malicious code on user systems through specially crafted archive files.. A patch is available.

Is there a public PoC exploit available for CVE-2025-6218?

Yes, a public proof-of-concept exploit is available for CVE-2025-6218. Prioritise patching immediately. EPSS: 4.7%.

How to fix or mitigate CVE-2025-6218?

Within 24 hours: Issue an urgent security advisory to all users restricting opening WinRAR files from untrusted sources and disable WinRAR auto-extraction features if possible; audit systems to identify WinRAR installations. Within 7 days: Implement application whitelisting or remove WinRAR from systems where alternative solutions exist; if retention is necessary, isolate systems running WinRAR from sensitive networks. Within 30 days: Monitor RARLAB for patch availability and prepare rapid deployment plan; conduct threat hunting for indicators of exploitation; consider transitioning to alternative archive tools (7-Zip, native Windows utilities) where feasible.

Winrar CVE-2025-6218

EUVD-2025-28706 HIGH

Path Traversal (CWE-22)

2025-06-21 zdi-disclosures@trendmicro.com

RCE Path Traversal Winrar

7.8

CVSS 3.0

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 21:35 euvd

EUVD-2025-28706

Analysis Generated

Mar 15, 2026 - 21:35 vuln.today

Added to CISA KEV

Dec 10, 2025 - 13:48 cisa

CISA KEV

PoC Detected

Dec 10, 2025 - 13:48 vuln.today

Public exploit code

CVE Published

Jun 21, 2025 - 01:15 nvd

HIGH 7.8

DescriptionNVD

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.

AnalysisAI

WinRAR contains a directory traversal vulnerability (CVE-2025-6218, CVSS 7.8) enabling remote code execution when users extract crafted archives. KEV-listed with EPSS 4.7% and public PoC, this vulnerability allows archive files to write outside the extraction directory, placing malicious files in startup folders or other sensitive locations. Given WinRAR's 500+ million user base, this is a high-impact social engineering vector.

Technical ContextAI

The vulnerability in WinRAR's archive extraction logic allows path traversal sequences in filenames within the archive. When a user extracts the archive, files can be written to arbitrary locations on the filesystem instead of the intended extraction directory. Attackers typically target the Windows Startup folder (for persistence) or overwrite system files. This is reminiscent of CVE-2018-20250 (the ACE format traversal in WinRAR) which was also KEV-listed and widely exploited.

RemediationAI

Update WinRAR immediately. If unable to update, exercise extreme caution with archive files from untrusted sources. Enterprise: deploy WinRAR updates via software management. Consider blocking RAR attachments at email gateways.

Vendor StatusVendor

Debian

rar

Release	Status	Fixed Version	Urgency
bullseye/non-free	fixed	2:6.23-1~deb11u1	-
bookworm/non-free	fixed	2:7.01-1~deb12u1	-
trixie/non-free	fixed	2:7.11-1	-
forky/non-free, sid/non-free	fixed	2:7.20-1	-
(unstable)	not-affected	-	-

CVE-2025-6218 vulnerability details – vuln.today

Back

Winrar CVE-2025-6218

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Debian

Share

External POC / Exploit Code