Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability

Vulnerability

A directory traversal vulnerability allowing remote code execution has been identified in RARLAB WinRAR. This issue arises from improper handling of file paths within archive files, enabling an attacker to craft a file path that traverses to unintended directories. Exploitation requires user interaction, as the target must open a malicious file or visit a harmful webpage. The vulnerability affects WinRAR versions prior to 7.11.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system, executed in the context of the user.

Remediation

RARLAB has released a patch for this vulnerability in WinRAR version 7.11. Users are advised to update to this version.
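The flaw described under Vulnerability comes down to an archive entry whose stored path resolves outside the folder chosen for extraction. The Python check below is an added example, not RARLAB's code or part of this advisory, and flags such entry names under Windows path rules before anything is written. The function names, the destination folder and the sample entry names are constructed for illustration, and the entry names are assumed to come from whatever archive listing tool is in use.

```python
import ntpath
from pathlib import PureWindowsPath


def resolve_entry(dest: str, entry: str) -> str:
    """Path an entry would be written to if joined to dest (Windows rules)."""
    return ntpath.normpath(ntpath.join(dest, entry))


def is_unsafe_entry(dest: str, entry: str) -> bool:
    """True if extracting `entry` under `dest` would write outside `dest`."""
    p = PureWindowsPath(entry)
    # Drive letters, UNC shares and rooted paths discard dest entirely.
    if p.drive or p.root:
        return True
    base = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(resolve_entry(dest, entry))
    # Compare whole path components, not string prefixes:
    # "out-old" shares a prefix with "out" but is not inside it.
    try:
        return ntpath.commonpath([base, target]) != base
    except ValueError:  # different drives or absolute/relative mix
        return True


def audit_entries(dest: str, names: list[str]) -> list[str]:
    """Return the entry names that must not be extracted into dest."""
    return [n for n in names if is_unsafe_entry(dest, n)]


# Constructed sample data (hypothetical destination and entry names).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    r"docs\readme.txt",              # stays inside dest
    "docs/../notes.txt",             # ".." that still resolves inside dest
    r"..\..\elsewhere\a.txt",        # climbs out with backslashes
    "docs/../../sibling.txt",        # climbs out with forward slashes
    r"sub\..\..\out-old\a.txt",      # lands in a sibling sharing the prefix
    r"C:\Temp\a.txt",                # absolute path with drive letter
    r"\\host\share\a.txt",           # UNC path
]

if __name__ == "__main__":
    for name in audit_entries(DEST, SAMPLE_ENTRIES):
        print(f"REJECT {name!r} -> {resolve_entry(DEST, name)}")
```

A check like this complements the update to 7.11 in pipelines that unpack untrusted archives; it does not replace it.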

Added: Jun 21, 2025, 1:28 AM
Updated: Dec 9, 2025, 9:35 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 3.1
exploitability: 6.1
remediation: 7.7
relevance: 0.2
threat: 8.1
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.