CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 30, 2025

CVE-2025-6218

High

EPSS 4.7%CISA KEV

Description

RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.

EPSS — Exploit Probability

4.7%

Higher than 89.3% of all CVEs

Required Action

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6218

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 4.7%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Dec 9, 2025

Added to KEV

Dec 9, 2025

Remediation Due

Dec 30, 2025

Affected Product

RARLAB

WinRAR

View all RARLAB CVEs

External Links

NVD (NIST)CVE Details MITRE CVE