The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting WinRAR.
Technical Details
CVE-2025-6218, with a CVSS score of 7.8, has recently been under active attack by various threat groups.
This vulnerability is a path traversal bug that enables code execution, requiring the victim to visit an infected page or open a malicious file.
This vulnerability affects only Windows systems.
RARLAB patched this bug with the release of WinRAR version 7.12.
Malicious actors could exploit this vulnerability along with another path traversal flaw (CVE-2025-8088).
It is of great importance to make sure that you are using the latest version of WinRAR on all your systems.
Recommendations
The Digital Security Authority recommends upgrading to the latest version of WinRAR.
As of 11 December 2025, the latest version is 7.13, and it can be found on the official WinRAR page.
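One way to check a Windows host against the versions named above, as an added example that is not code from the DSA or RARLAB. It assumes WinRAR registers itself under the standard Windows Uninstall registry keys with a display name starting with "WinRAR"; the function name `Get-WinRarStatus` is hypothetical.

```powershell
# Version thresholds taken from the advisory text.
$Fixed  = [version]'7.12'   # release that patched CVE-2025-6218
$Latest = [version]'7.13'   # latest release as of 11 December 2025

# Machine-wide (64-bit and 32-bit views) and per-user uninstall entries,
# so a 32-bit install on 64-bit Windows is not missed.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WinRarStatus {
    param([string]$DisplayVersion)

    # Pre-release builds are not compared; they should be replaced by a final release.
    if ($DisplayVersion -match 'beta') { return 'PRE-RELEASE: upgrade to a final release' }

    # Use only the leading "major.minor" so values such as "7.12.0" still parse.
    if ($DisplayVersion -notmatch '^\s*(\d+)\.(\d+)') { return 'UNKNOWN: check manually' }
    $v = [version]('{0}.{1}' -f $Matches[1], $Matches[2])

    if ($v -lt $Fixed)  { return 'VULNERABLE: below 7.12 (CVE-2025-6218)' }
    if ($v -lt $Latest) { return 'Patched for CVE-2025-6218, but not the latest (7.13)' }
    return 'Up to date as of 11 December 2025'
}

# Report every WinRAR entry found on this host.
Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-WinRarStatus $_.DisplayVersion
        }
    }
```

Copies of WinRAR that were unpacked rather than installed do not appear in these registry keys, so an empty result does not prove the host has no WinRAR binaries.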
References
The information presented in this report is based on available data up to the 11th of December 2025.