RARLAB WinRAR < 7.12 Beta 1 Directory Traversal Remote Code Execution (CVE-2025-6218)

🗓️ 14 Jul 2025 00:00:00Reported by TenableType

RARLAB WinRAR prior to 7.12 Beta 1 has a directory traversal remote code execution vulnerability.

Reporter	Title	Published	Views	Family All 38
GithubExploit	Exploit for Path Traversal in Rarlab Winrar	27 Jun 202500:11	–	githubexploit
GithubExploit	Exploit for Path Traversal in Rarlab Winrar	29 Jun 202519:06	–	githubexploit
GithubExploit	Exploit for Path Traversal in Rarlab Winrar	10 Jul 202501:37	–	githubexploit
GithubExploit	Exploit for Path Traversal in Rarlab Winrar	15 Dec 202510:08	–	githubexploit
GithubExploit	Exploit for Path Traversal in Rarlab Winrar	3 Jul 202504:52	–	githubexploit
GithubExploit	Exploit for Path Traversal in Rarlab Winrar	16 Dec 202508:01	–	githubexploit
GithubExploit	Exploit for Path Traversal in Rarlab Winrar	1 Jul 202505:34	–	githubexploit
Information Security Automation	About Remote Code Execution – WinRAR (CVE-2025-6218, CVE-2025-8088) vulnerabilities	2 Sep 202515:43	–	avleonov
BDU FSTEC	The vulnerability of the WinRAR file archiver, related to incorrect restrictions on the path name of the restricted directory, allows a hacker to execute arbitrary code.	25 Jun 202500:00	–	bdu_fstec
Circl	CVE-2025-6218	19 Jun 202503:00	–	circl

Source	Link
nessus	www.nessus.org/u
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-25-409/
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(242073);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2025-6218");
  script_xref(name:"ZDI", value:"ZDI-25-409");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/12/30");
  script_xref(name:"IAVA", value:"2025-A-0227-S");

  script_name(english:"RARLAB WinRAR < 7.12 Beta 1 Directory Traversal Remote Code Execution (CVE-2025-6218)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed which is affected by a directory traversal remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.12 Beta
1. It is, therefore, affected by a vulnerability:

  - RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to
    execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this
    vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists
    within the handling of file paths within archive files. A crafted file path can cause the process to traverse to
    unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current
    user. Was ZDI-CAN-27198. (CVE-2025-6218)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported 
version number.");
  # https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0bf39350");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-25-409/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to RARLAB WinRAR version 7.12 Beta 1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-6218");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/06/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rarlab:winrar");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("winrar_win_installed.nbin");
  script_require_keys("installed_sw/RARLAB WinRAR", "SMB/Registry/Enumerated");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'RARLAB WinRAR', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '7.12.beta1', 'fixed_display':'7.12 Beta 1'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

21 Jan 2026 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 37.8

EPSS0.05692

SSVC