Ctrl + K
/ news / CVE
CVEPublished 2025-06-212 articles on news6 live referencesNVD data

CVE-2025-6218

Vulnerability data via CVEDB (Shodan)

CISA KEVKnown exploited in the wild.
CISA action: RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
CVSS v3.1
7.8
HIGH
EPSS percentile
91
Exploit Prediction Scoring System · top 9% of all CVEs
Description

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.

Timeline
Published 2025-06-21

External references

NVDMITREExploit-DBSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2025-6218
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Rarlab Winrar"
All exposed Rarlab Winrar instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Winrar"
HTTP body or banner mentions "Winrar" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2025-6218
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-6218
Censys host search filtered to this CVE id.
grep.app
CVE-2025-6218
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-6218
GitHub code search for direct mentions.
Google dork
"CVE-2025-6218" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2025-62188 repos
nomi-sec/PoC-in-GitHubunknown
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
★ 7,812·updated today
delivr-to/detectionsYARA
A home for detection content developed by the delivr.to team
★ 75·updated 10mo ago
skimask1690/CVE-2025-6218-POCBatchfile
Proof of Concept for CVE-2025-6218, demonstrating the exploitation of a vulnerability in WinRAR versions 7.11 and under, involving improper handling of archive extraction paths.
★ 31·updated 11mo ago
absholi7ly/CVE-2025-6218-WinRAR-Directory-Traversal-RCEunknown
CVE-2025-6218 is a directory traversal vulnerability in WinRAR that allows an attacker to place files outside the intended extraction directory when a user extracts a specially cra…
★ 18·updated 11mo ago
speinador/CVE-2025-6218_WinRARBatchfile
★ 17·updated 11mo ago
ignis-sec/CVE-2025-6218Python
A simple proof of concept for WinRAR Path Traversal | RCE | CVE-2025-6218
★ 13·updated 11mo ago
mulwareX/CVE-2025-6218-POCPython
RARLAB WinRAR Directory Traversal Remote Code Execution
★ 11·updated 11mo ago
UnHackerEnCapital/PepRaRPython
Laboratorio PoC Exploit RAR (Path Traversal / Injection ) - CVE2025-8088 / 2025-6218
★ 11·updated 4mo ago
Articles on news mentioning CVE-2025-6218