CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks

CISA has issued a high-priority warning regarding a critical security flaw in WinRAR, the popular file compression tool used by millions of Windows users.

The vulnerability, tracked as CVE-2025-6218, is currently being exploited by attackers to compromise systems and execute malicious code.

The specific flaw is known as a “path traversal” vulnerability. In simple terms, WinRAR fails to properly check filenames in compressed archives (such as .zip or .rar files).

WinRAR 0-Day Exploited

The flaw allows attackers to extract files outside the intended folder, a weakness also highlighted by CISA.

By default, when you open a compressed file, its contents are stored in a specific folder. However, this bug allows a hacker to create a malicious file that tricks WinRAR.

When a user opens this dangerous file, the attacker can “escape” the safe folder and write files to other sensitive areas of the computer.

This allows the attacker to execute code with the same permission level as the user.
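The class of check that prevents this kind of escape can be shown as an added example (not code from the article, CISA or RARLAB). It is a generic CWE-22 check and does not reproduce the specifics of the WinRAR bug. It covers ZIP only, since that is what the Python standard library reads, and the function names, the destination path and the sample member names are constructed for illustration.

```python
import io
import ntpath  # Windows path rules, usable on any OS
import zipfile

def escapes_destination(member_name, dest_dir):
    """Return True if extracting member_name under dest_dir would land outside it."""
    # Drive letters and UNC prefixes discard dest_dir entirely: reject outright.
    if ntpath.splitdrive(member_name)[0]:
        return True
    dest = ntpath.normcase(ntpath.normpath(dest_dir))
    # normpath resolves "..", mixed separators and rooted names lexically.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, member_name)))
    # Compare with a trailing separator so "out" does not match "outside2.txt".
    return target != dest and not target.startswith(dest.rstrip("\\") + "\\")

def audit_zip(data, dest_dir):
    """List the member names in a ZIP (given as bytes) that would escape dest_dir."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist()
                if escapes_destination(info.filename, dest_dir)]

# Constructed destination and member names: two stay inside, four do not.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_NAMES = [
    "docs/readme.txt",
    "docs/../notes.txt",        # ".." that still resolves inside the folder
    "..\\..\\outside.txt",
    "../outside2.txt",          # sibling path sharing the "out" prefix
    "C:\\Temp\\abs.txt",
    "\\\\host\\share\\x.txt",
]

def build_sample():
    """Build an in-memory ZIP with placeholder contents under SAMPLE_NAMES."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name in audit_zip(build_sample(), DEST):
        print("would escape:", name)
```

The check is purely lexical, so it does not account for symlinks or junctions that already exist inside the destination folder.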

| Feature | Details |
|---|---|
| Product | WinRAR (RARLAB) |
| CVE ID | CVE-2025-6218 |
| Vulnerability Type | Path Traversal (Remote Code Execution) |
| CVSS v3.1 Score | 9.8 (Critical) |
| CWE Classification | CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) |

If you are using an administrator account, the hacker could take complete control of your system, steal data, or install ransomware.

CISA added this flaw to its Known Exploited Vulnerabilities (KEV) catalog on December 9, 2025. It is no longer a theoretical risk; it is a live threat.

This is a significant move because CISA adds vulnerabilities to this list only when there is evidence that hackers are actively exploiting them in real-world attacks.

Due to the active threat, CISA has ordered federal agencies to patch their systems by December 30, 2025. However, private businesses and home users should not wait for that deadline. The solution is simple but urgent: Update WinRAR immediately.

Visit the official RARLAB website. Download and install the latest version of WinRAR. If you cannot update, CISA recommends discontinuing the use of the product until a fix is applied.

By updating your software today, you close the door on attackers exploiting this zero-day flaw.
