RARLAB WinRAR RCE Vulnerability - 20250821001
Overview
The WA SOC has been made aware of a RARLAB WinRAR directory traversal remote code execution vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file.
What is vulnerable?
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| WinRAR | Versions prior to 7.12 | CVE-2025-6218 | 7.8 | High |
What has been observed?
There are reports of a proof of concept for in-the-wild exploitation of this vulnerability, which impacts WinRAR products. The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):