216.73.216.204

WinRAR Directory Traversal & NTFS ADS Vulnerabilities (CVE-2025-6218 & CVE-2025-8088)

· Published 25/08/2025 17:59 · Modified 25/08/2025 20:08

Export JSON

Essential information

Published
25/08/2025 17:59
Modified
25/08/2025 20:08
Tags
2025-08-25 CVE-2025-6218 CVE-2025-8088 remote code execution winrar zero-day
Related entities
2 vulnerabilities (cve), 4 observables, 1 intrusion sets (apt), 4 techniques (mitre), 1 malware, 3 others

Description

Two high-severity vulnerabilities in for Windows enable attackers to write files outside intended extraction directories. involves traditional path traversal, while extends the attack using NTFS Alternate Data Streams. Both flaws allow for reliable persistence and in enterprise environments. Threat actors RomCom and Paper Werewolf have exploited in active campaigns. The vulnerabilities affect versions 7.11 and earlier, with fixes available in versions 7.12 Beta 1 and 7.13. Exploitation requires minimal user interaction and can lead to stealthy persistence by dropping files into autorun locations or hiding payloads in ADS. Immediate patching and proactive hunting for ADS and Startup modifications are essential for defense.

External references