CVE-2025-6218 – WinRAR Directory Traversal Remote Code Execution Vulnerability

June 20, 2025

CVE ID : CVE-2025-6218

Published : June 21, 2025, 1:15 a.m. | 31 minutes ago

Description : RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6374 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-6217 – PEAK-System PCANFD Driver Information Disclosure Kernel Vulnerability

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-6218 – WinRAR Directory Traversal Remote Code Execution Vulnerability

CVE-2025-6371 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE-2025-6372 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE-2025-4786 – SourceCodester Oretnom23 Stock Management System SQL Injection

New Xbox games launching this week, from May 26 through June 1 — Elden Ring Nightreign is here

CVE-2025-52782 – King Rayhan Scroll UP Cross-site Scripting Vulnerability

CVE-2025-29756 – SunGrow iSolarCloud MQTT Credentials Disclosure and Decryption Key Extraction Vulnerability

Use AI at work? You might be ruining your reputation, a new study finds

How to Secure Mobile APIs in Flutter

I expected this $20 Amazon Basics multitool to be junk, but it proved me wrong

CVE-2024-55595 – Cisco Webex Meeting Server Unvalidated Redirect

CVE-2025-6218 – WinRAR Directory Traversal Remote Code Execution Vulnerability

Related Posts