Detections
Analytics

RARLAB WinRAR < 7.12 Beta 1 Directory Traversal Remote Code Execution (CVE-2025-6218)

high Nessus Plugin ID 242073

Language:

Synopsis

The remote Windows host has an application installed which is affected by a directory traversal remote code execution vulnerability.

Description

The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.12 Beta 1. It is, therefore, affected by a vulnerability:

 - RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. (CVE-2025-6218)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to RARLAB WinRAR version 7.12 Beta 1 or later.

See Also

http://www.nessus.org/u?0bf39350

https://www.zerodayinitiative.com/advisories/ZDI-25-409/

Plugin Details

Severity: High

ID: 242073

File Name: winrar_7_12_Beta_1.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 7/14/2025

Updated: 12/9/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-6218

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rarlab:winrar

Required KB Items: SMB/Registry/Enumerated, installed_sw/RARLAB WinRAR

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/24/2025

Vulnerability Publication Date: 6/24/2025

CISA Known Exploited Vulnerability Due Dates: 12/30/2025

Reference Information

CVE: CVE-2025-6218

IAVA: 2025-A-0227

ZDI: ZDI-25-409