
"The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, for exploitation to succeed, it requires a prospective target to visit a malicious page or open a malicious file. 'RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user,' CISA said in an alert."
"The development comes in the wake of multiple reports from BI.ZONE, Foresiet, SecPod, and Synaptic Security that the vulnerability has been exploited by two different threat actors tracked as GOFFEE (aka Paper Werewolf), Bitter (aka APT-C-08 or Manlinghua), and Gamaredon. In an analysis published in August 2025, the Russian cybersecurity vendor said there are indications that GOFFEE may have exploited CVE-2025-6218 along with CVE-2025-8088 (CVSS score: 8.8), another path traversal flaw in WinRAR, in attacks targeting organizations in the country in July 2025 via phishing emails."
CVE-2025-6218 is a WinRAR path traversal vulnerability with a CVSS score of 7.8 that can enable code execution if a target visits a malicious page or opens a malicious file. The vulnerability allows attackers to place files in sensitive locations such as the Windows Startup folder, potentially achieving code execution on next login. RARLAB released a patch in WinRAR 7.12 in June 2025, and the flaw affects only Windows builds. Multiple reports attribute active exploitation to threat actors including GOFFEE, Bitter, and Gamaredon, with campaigns using phishing and weaponized RAR archives to achieve persistence and drop malware.
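A defensive pre-extraction check for the class of problem summarized above, as an added example that is not from the article or from RARLAB: it audits archive entry names under Windows path rules and flags any that would land outside the chosen destination or inside a Startup folder. The function names, finding labels, destination path and sample listing are assumptions made for illustration, and treating whitespace-padded `..` segments as traversal is a deliberately conservative choice.

```python
import ntpath  # Windows path rules, usable on any OS

# Suffix shared by the per-user and all-users Startup folders on Windows.
STARTUP = "\\start menu\\programs\\startup\\"

def audit_entry(name, dest):
    """Return findings for one archive entry name if extracted under dest."""
    findings = []
    # Normalise separators; strip whitespace padding so ".. " counts as "..".
    parts = [p.strip() for p in name.replace("/", "\\").split("\\")]
    cleaned = "\\".join(parts)
    drive, rest = ntpath.splitdrive(cleaned)
    if drive or rest.startswith("\\"):
        findings.append("absolute-or-drive")
    if ".." in parts:
        findings.append("dot-dot-segment")
    # Resolve the entry against the destination and compare case-insensitively.
    base = ntpath.normpath(dest).lower()
    resolved = ntpath.normpath(ntpath.join(dest, cleaned)).lower()
    if resolved != base and not resolved.startswith(base + "\\"):
        findings.append("escapes-destination")
    if STARTUP in resolved + "\\":
        findings.append("startup-folder")
    return findings

def audit_archive(names, dest):
    """Map each suspicious entry name to its findings; clean entries are omitted."""
    return {n: f for n in names if (f := audit_entry(n, dest))}

# Constructed sample listing and destination, not taken from any real archive.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE = [
    "docs/readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk",
    r"C:\Windows\x.dll",
    ".. /.. /evil.bat",
]

if __name__ == "__main__":
    for name, findings in audit_archive(SAMPLE, DEST).items():
        print(name, findings)
```

Any non-empty result is a reason to quarantine the archive rather than extract it; the check complements, and does not replace, updating to the patched WinRAR release.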
Read at The Hacker News