CISA Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-6218
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the WinRAR file archiver, identified as CVE-2025-6218, to its Known Exploited Vulnerabilities catalog. This path traversal bug, which has a CVSS score of 7.8, allows code execution if a user opens a malicious file or visits a compromised webpage. The vulnerability affects only Windows-based versions of WinRAR and was patched in June 2025 with the release of WinRAR 7.12. Despite the availability of the patch, the flaw is being actively exploited by threat groups such as GOFFEE, Bitter, and Gamaredon. These groups have used the vulnerability to conduct espionage and sabotage operations, including phishing campaigns targeting Ukrainian entities.