CVE-2025-6218: 
WinRAR vulnerability analysis and mitigation

CVE-2025-6218 is a directory traversal vulnerability in RARLAB WinRAR that allows remote code execution. The vulnerability was discovered by researcher whs3-detonator working with Trend Micro Zero Day Initiative and was disclosed on June 19, 2025. The vulnerability affects Windows versions of WinRAR, RAR, UnRAR, portable UnRAR source code and UnRAR.dll, while Unix versions and RAR for Android are not affected (ZDI Advisory, WinRAR News).

The vulnerability exists within the handling of file paths within archive files. When extracting a file, affected versions can be tricked into using a path defined in a specially crafted archive instead of the user-specified path. This directory traversal flaw allows an attacker to potentially write files to unintended locations. The vulnerability has been assigned a CVSS v3.0 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current user. The attack requires user interaction, specifically that the target must visit a malicious page or open a malicious file (ZDI Advisory).

RARLAB has released WinRAR version 7.12 Beta 1 on June 10, 2025, which addresses this vulnerability. Users are advised to update to the latest version to protect against this security issue (WinRAR News).