CVE-2025-6218
ENISA EUVD: EUVD-2025-28706
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 5, 2026
3 articles
EPSS Score (Source: FIRST.org · 2026-05-23): 5.69%
This CVE has a 5.69% probability of being exploited in the next 30 days.
Top 90.5th percentile of all CVEs
CVSS v3.0 (Source: NVD): 7.8
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Source: NVD
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
Affected Products
rarlab
winrar
Attack Intelligence
Exploits & PoC
skimask1690/CVE-2025-6218-POC
Proof of Concept for CVE-2025-6218, demonstrating the exploitation of a vulnerability in WinRAR versions 7.11 and under, involving improper handling o
31
2025-07-01
absholi7ly/CVE-2025-6218-WinRAR-Directory-Traversal-RCE
CVE-2025-6218 is a directory traversal vulnerability in WinRAR that allows an attacker to place files outside the intended extraction directory when a
18
2025-07-10
17
2025-06-27
ignis-sec/CVE-2025-6218
A simple proof of concept for WinRAR Path Traversal | RCE | CVE-2025-6218
12
2025-06-29
mulwareX/CVE-2025-6218-POC
RARLAB WinRAR Directory Traversal Remote Code Execution
11
2025-07-03
Chrxstxqn/CVE-2025-6218-WinRAR-RCE-POC
Comprehensive analysis and proof-of-concept for CVE-2025-6218 - WinRAR path traversal RCE vulnerability affecting versions 7.11 and earlier
2
2025-12-15
6 repos, sorted by ⭐
https://www.zerodayinitiative.com/advisories/ZDI-25-409/
Third Party Advisory
VDB Entry
https://foresiet.com/blog/apt-c-08-winrar-directory-traversal-exploit/
Exploit
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6218
US Government Resource
https://www.secpod.com/blog/archive-terror-dissecting-the-winrar-cve-2025-6218-exploit-apt-c-08s-stealth-move/
Exploit
Third Party Advisory
Signal Intelligence
Confidence: 85%
EPSS: 5.69%
CVSS v3.0: 7.8
Mentions: 3
Last Seen: Jan 28, 2026
CNA Information
Analyst Note
CVE-2025-6218 is confirmed as a zero-day: published June 21, 2025, with documented active exploitation by multiple threat actors reported by CISA and added to the KEV catalog, indicating in-the-wild attacks occurred before or concurrent with patch availability. The 2025 publication year and explicit CISA KEV listing citing 'active exploitation' strongly support zero-day classification.
Threat Actors (26)
Name | Type | Motivation | Country
MuddyWater | apt_group | Information theft and espionage | 🇮🇷 IR
Lazarus Group | apt_group | Information theft and espionage | 🇰🇵 KP
APT 29 | apt_group | Information theft and espionage | 🇷🇺 RU
APT37 | apt_group | Information theft and espionage | 🇰🇵 KP
APT 28 | apt_group | Information theft and espionage | 🇷🇺 RU
Hacking Team | apt_group | - | 🇮🇹 IT
Gamaredon Group | apt_group | Information theft and espionage | 🇷🇺 RU
Dropping Elephant | apt_group | Information theft and espionage | 🇮🇳 IN
HAZY TIGER | apt_group | Information theft and espionage | 🇮🇳 IN
Infy | apt_group | Information theft and espionage | 🇮🇷 IR
Group 27 | apt_group | Information theft and espionage | 🇨🇳 CN
ArcaneDoor | apt_group | - | 🇨🇳 CN
VICEROY TIGER | apt_group | Information theft and espionage | 🇮🇳 IN
RomCom | apt_group | Financial gain | 🇷🇺 RU
Opal Sleet | apt_group | - | 🇰🇵 KP
UNC5174 | apt_group | - | 🇨🇳 CN
SNOWGLOBE | apt_group | Information theft and espionage | 🇫🇷 FR
Returned Libra | apt_group | - | 🇨🇳 CN
APT 22 | apt_group | Information theft and espionage | 🇨🇳 CN
Void Rabisu | apt_group | Financial gain | 🇷🇺 RU
APT 6 | apt_group | Information theft and espionage | 🇨🇳 CN
GOFFEE | apt_group | - | 🇷🇺 RU
Red October | apt_group | - | 🇷🇺 RU
Pat Bear | apt_group | - | 🇸🇾 SY
Mana Team | apt_group | - | 🇨🇳 CN
APT 5 | apt_group | Information theft and espionage | 🇨🇳 CN
Triage Info
Decided at: Mar 05, 2026