The U.S. CISA has added a critical vulnerability in WinRAR, tracked as CVE-2025-6218, to its KEV list due to active exploitation by threat actors like GOFFEE, Bitter, and Gamaredon. This flaw enables code execution through path traversal and has been weaponized in targeted attacks, including espionage and malware delivery. #CISA #WinRARVulnerability
Keypoints
- The vulnerability CVE-2025-6218 affects Windows versions of WinRAR and can lead to code execution.
- It was patched with WinRAR version 7.12 in June 2025, but active exploits persist.
- Threat actors like GOFFEE, Bitter, and Gamaredon have exploited this flaw for espionage and malware campaigns.
- Attackers use spear-phishing and malicious archives to deliver payloads such as Trojans and backdoors.
- Organizations, including U.S. federal agencies, must patch by December 30, 2025, to prevent exploitation.
Read More: https://thehackernews.com/2025/12/warning-winrar-vulnerability-cve-2025.html